I helped a customer who needed to reset the four default ACLs on all 7000 of their users back to the defaults. This Perl program creates an LDIF file that accomplishes this task.
Here are the steps you need to follow:
On Linux, Perl is installed by default.
On Windows, you’ll have to install Perl. I prefer the one from www.activestate.com.
1. Create an input file with all the user DNs
ldapsearch -h shiloh -b "o=novell" "objectclass=inetorgperson" dn > users
2. Create the LDIF that adds the default ACLs
perl acl3.pl users acl.ldif
3. Import the acl.ldif file
ldapmodify -h shiloh -D "cn=admin,o=novell" -w novell -f acl.ldif
On Linux, ldapsearch and ldapmodify are installed by default.
On Windows, both of these commands are available in sys:Public\mgmt\ConsoleOne\1.2\bin.
If some of the default ACLs are already present, add the -c switch to the ldapmodify command. It will continue processing the LDIF even if duplicate values are found.
Changes in 5.0:
Previously, the DNs had to be separated by exactly one line. In 5.0, this restriction has been removed. The DNs can be separated by any number of lines. In addition, they don't need to be separated at all.
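An added example, not the original acl3.pl (which this page does not show), of building such an LDIF from the users file. It writes one modify record per ACL value, because an LDAP modify is applied as a whole and a single duplicate value would otherwise reject all four values for that user even with -c. Assumptions: the input holds LDIF-style "dn:" lines, the attribute is named ACL, the four values are placeholders, and {DN} is a hypothetical token.

```perl
# Added example, not the original acl3.pl. Input is assumed to be LDIF ("dn: ...").
use strict; use warnings;
use MIME::Base64 qw(decode_base64 encode_base64);

# PLACEHOLDERS: the page does not list the four default ACL values; copy them
# from a known-good user. {DN} is a hypothetical token for the user's own DN.
my @acl_templates = ('PLACEHOLDER-ACL-1', 'PLACEHOLDER-ACL-2',
                     'PLACEHOLDER-ACL-3-{DN}', 'PLACEHOLDER-ACL-4-{DN}');

# Emit "attr: value", base64-encoding values that plain LDIF cannot carry.
sub ldif_line {
    my ($attr, $value) = @_;
    return "${attr}: $value\n"
        unless $value =~ /[^\x20-\x7e]/ || $value =~ /^[ :<]/ || $value =~ / $/;
    return "${attr}:: " . encode_base64($value, '') . "\n";
}

# Collect unique DNs; blank lines between entries are optional.
sub read_dns {
    my ($path) = @_;
    open my $in, '<', $path or die "Cannot read $path: $!\n";
    my (@lines, @dns, %seen);
    while (my $line = <$in>) {
        $line =~ s/\r?\n\z//;
        if (@lines && $line =~ s/^ //) { $lines[-1] .= $line }  # unfold wrapped line
        else                           { push @lines, $line }
    }
    close $in;
    for (@lines) {
        next unless /^dn(::?)\s*(.*)$/i;
        my $dn = $1 eq '::' ? decode_base64($2) : $2;
        push @dns, $dn unless $dn eq '' || $seen{lc $dn}++;
    }
    return @dns;
}

my ($in_file, $out_file) = @ARGV;
die "Usage: perl $0 <ldapsearch-output> <output.ldif>\n" unless defined $out_file;
open my $out, '>', $out_file or die "Cannot write $out_file: $!\n";
print {$out} "version: 1\n\n";
for my $dn (read_dns($in_file)) {
    for my $template (@acl_templates) {
        (my $acl = $template) =~ s/\{DN\}/$dn/g;
        # One record per value, so one duplicate does not block the others.
        print {$out} ldif_line('dn', $dn), "changetype: modify\nadd: ACL\n",
                     ldif_line('ACL', $acl), "-\n\n";
    }
}
close $out or die "Cannot close $out_file: $!\n";
```

Review the generated file against a test user before importing it for all users.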
Disclaimer: As with everything else at NetIQ Cool Solutions, this content is definitely not supported by NetIQ, so Customer Support will not be able to help you if it has any adverse effect on your environment. It just worked for at least one person, and perhaps it will be useful for you too. Be sure to test in a non-production environment.