Have had several clients looking for a method to report any entries with
"Elevated" permissions within eDirectory.

Of course this is from LDAP and no one has the Novell client installed.

Are there any products available to perform such reports?

Are there others that are looking for a solutions?

I created a Java program that will evaluate ACLs, but it is cumbersome
as you must pull in all the ACLs and then figure out what those leading
bits represent and then determine the trustee and then elaborate the
members of the trustee (ie if it is a group or org role).

From what I can tell ACL are not searchable from LDAP. So there is no
method to do an LDAP query for anyone with supervisor access to any
Or am I missing something?

Ideas or suggestions?


jwilleke's Profile: https://forums.netiq.com/member.php?userid=401
View this thread: https://forums.netiq.com/showthread.php?t=50921