Hi all,

i have a wierd issue...not sure when it started...it may have been linked to
our upgrade to eDir 884 but it may just be coincidental. The issue is
restricted to our student OU and subordinates. Students are in an OU
directly under our O and staff are in other OUs under the same O.

We have NW65SP8 and edir 8.8.4ftf1 and latest Novell Client and ZFD 701R2

The issue i have is that group members in the student OU are no longer
getting all the policy settings assigned to that group and can no longer
access files on servers with permissions assigned to the group. To test i
created a test account and made it a member of some groups...one group
under the student OU and the other group under the staff OU. If i assinn
permissions to the groups then the users cannot see the folder or any
files.If i assign permissions to the student OU then that works fine. When i
log in as the user and and i check permissions on the folder then i can see
that the OU has rights but i cant see the groups permissions..they're
applied..i just can't see them. If i do the same for a staff account i can
see the folder and i can see all the permissions for all the groups...the
same goups that the student is in.

The login scripts for the student work if they refer to the group (eg. if
member of )

so i'm not sure if it's the group or the user. The user has rights to see
their group membership, [Root] has rights to see group membership...so on
the surface that looks ok.

Policies applied directly to the group don't appear to be applied properly
either...it looks like DLU works but not the Group Policy...this has been
fine for some many years now and i've only just noticed it not working
recently after some local IT staff started complaining about things not
working as expected.

Or eDir upgrade was some time in March so i'm not if that's when it broke or
some other time but that's the last change that we made.

We have some other weird DS issue where we can't search for objects in
Console One or iManager without specifying the object class. Apparently
that's fixed in an up and coming service pack for eDir due for release in

Any ideas? If someone knows how files permissions work and how eDir is
searched then that would be a start. Eg does the server need permission the
see the users\groups via the [root] or [public] objects etc etc and what
rights would they need?

I've checked some of this via ldap and compared to working accounts an can't
seem to see any differences.