We have LDAP authentication configured and working (IBM Tivoli Directory Server 6.0) on our XIr2 SP1 system. The LDAP groups map properly into BOE and I can refresh the groups' members and get the correct list of users in the CMC.
In InfoView, though, when one of these users logs into the system and tries to send a report to another user’s inbox, they can’t see any of the other users that are members of the LDAP group. I’ve got the group security set so that they should be able to see other members of the group. If I create a BOE group (with the same security as the LDAP group) and manually put the users into the BOE group, they can then see the other LDAP users in the ‘send to’ function in InfoView. Obviously, I don’t want to (and shouldn’t have to) take this manual step to allow them to see the other users.
I’ve got a ticket open with BO, but I’m not having much luck with them. The support rep is convinced it’s my security settings and I’m convinced it’s not (since the LDAP users work if they are put in a BOE group with the same security as the LDAP group). I think it’s probably a bug in the way BO is handling the LDAP group security.
We’re experiencing a similar (if not the same) problem. We have Enterprise groups with LDAP subgroups. All of our rights are assigned at the enterprise level, in case something happens to LDAP. Occasionally, we will add an Enterprise user to the enterprise group for testing.
Looking at copying items to other users’ inboxes, I can see every Enterprise user in my groups, but no LDAP users.
Nope. BO says it’s because we are using an unsupported LDAP version. IBM Tivoli 6.1 is too new for BO to handle. Of course, Tivoli 6.1 is about two years old now. I guess we’ll have to wait until Tivoli 8.0 comes out before BO will support 6.1.
I’m having a similar problem in Sun LDAP server w/ BOXI R2 sp2. What I know for sure is that if you want to send to another inbox, every user needs ‘add objects to folder’ and ‘view objects’ rights set on the Inboxes folder. A user with access to the CMC will see the other users’ inbox folder but not the content, as they don’t have access to view instances.
In relation to the LDAP groups, it would seem that only administrators can see LDAP user lists. I did a test and userA could only be seen by userB in the LDAP groups after userA was also added to an enterprise group that userA and userB both belonged to. I’m trying to figure a way around this… anyone with any ideas? I want the user to be able to check the LDAP group to verify members. In my model, I have a local admin for a particular group manage their own LDAP groups list externally so we aren’t bothered with it.
I had experienced a similar issue. My issue is that users can’t send the reports to the other users’ inboxes. They can’t even see the users in the send to box.
I found in the readme of CHF17 for boxiR2 that it was a bug and it has been resolved in the CHF17.
However merely installing CHF17 will not resolve the issue. We will have to reassign the rights.
I am having a similar issue. It looks as if the View right needs to be granted for the Group to the actual user’s account. It seems the user account is not inheriting the “View” right from the group.
Meaning, you can limit the list of users displayed, by setting “everyone” to “No Access” in CMC->Users->Rights. This will remove all users from the Inbox list. Now you can grant a group rights to see each individual user (CMC->Users).
Now when you look at the Inbox list you should only see the users you were granted “View” to.
When you want to see your LDAP users you will have to give rights on the everyone group. But this means that they can see all people! Another solution is to make an enterprise group (no LDAP) and place a user that’s in the LDAP group in the newly created Enterprise group. If you give, for example, a schedule user rights on that enterprise group (VIEW), then he is able to see the users.