I'm not sure if this is really an iManager, OES, or eDirectory question.

OES 11 SP1 (yeah yeah, I know)
iManager 2.7 and whatever eDir version was around for SP1.

Anyway, in iManager -> Directory Administration is an option for:
Copy Object.

That gives you 3 main choices:
1) Create new object and copy attribute values
2) Copy attribute values to an existing object

And a checkbox for:
Copy ACL rights

The use case is that we're using Groups for file rights (long story, we're being forced to migrate to nasty Windows). In practice, we generally have 3 categories of rights:

Read Only (ie: RF) - You can look, copy, but you cannot change, delete, etc.
"full" (ie: RWCEFM) - You can basically do whatever, but no ACL rights
and rarely get the: No Erase (RWCF) - You can look at stuff, put new stuff into the folder, but you cannot overwrite the data or delete the data that's where).

But it's not uncommon to have a Group for Read Only and a Group for "Full" that have the same users in them (file rights are assigned via NSS/Novell Client).

So if you create/populate a group for "read only" it would be nice to copy that group (and it's membership) for the "full" and then you just assign the rights via Novell Client like you normally would.

However, when I use the Copy Object and the first choice in iManager, it creates an empty group. Description is copied as are other attributes, but apparently not Members tab.

Granted, the "?" icon states that this doesn't do that.


Is there a way to do this (short of LDAP stuff and IDM stuff)? I'm assuming this is a limitation of eDir and not iManager (although it could very well be a limitation of iManager, but I don't recall if ConsoleOne had the same issues or not, but that's no longer used).