Geoffrey, The NDS might be working diffrently then eDirectory. Here's how things working for dynamic group
When a user is added to a group , a attribute say memberof is added to his/her id as dn: uid=xxxxxxxxxxxxx ... memberof: DN of some group When that group is deleted here what you can see in the audit logs dn: DN of the group changetype: delete dn: uid=xxxxxxxxxxxxx changetype: modify delete: memberof memberof: DN of that group. Now , because of this , when you search for that group, server will return you nothing and also all the users are modified by removing entry that was granting access to that group thanks to the Referential Integrity plugin. Explained this, I understand that you have only one option of going through the logs and gether information about the users who are changed by removing access to the group with memberof attribute. Let me know something more. -Kunal Mehta Geoffrey Carman <[EMAIL PROTECTED]> wrote in message news:<[EMAIL PROTECTED]>... > kunal wrote: > > ****Reposting Question**** > > Hello, > > I am using Netscape Directory Server 4.16 and using Dynamic Group for > > good resource utilization. I have a question for the situation where > > Dynamica Groups > > get deleted. Its a long and tedious process to go through the logs and > > try to re-assign access to all those users who had access to a > > perticular resource before the group got deleted. > > > > I want to understand a good practice to be implemented about the > > process of retrieving information in the case of Dynamic Group gets > > deleted. > > Well that seems simple... A dynamic group is defined as a groupf of > members, who match the search criteria... Why go thru the logs? Do a > search, that matches the ggroup search, and bingo, there is your list of > users... > > Heck, just grab the ACL's that were assigned to the group too... I > assume you can restore objects... I use eDirectory as my LDAP dir, but > hey, LDAP should be LDAP'y.
