Letting users access other users home directories

Hello,
I am currently setting up an Xserve at a school and I am running into some problems. I want to let the group teachers be able to access all of the students' home directories. I added to the permissions the group teachers for the users' folders, but the permissions do not carry through all subfolders. What would be the best way to set up these permissions in Tiger Server?
Thanks
Robert

Hi
When sharing a desired folder for automounting networked home directories the default POSIX values are:
Owner: root/admin R/W (can be either)
Group: admin Read Only
Everyone Read Only
Going beyond this folder and you can then view the default attributes for individual folders. These should be:
Owner: the persons name Read & Write
Group: admin Read Only
Everyone: None
This is as it should be and you should leave these alone. In the situation you describe it makes sense to grant Read/Write access for teachers so that students' work can be marked and/or assessed. In which case you want to preserve the POSIX permissions but use an additional permissions model that allows access without breaking the default permissions.
10.4 Server allows for this as Access Control Lists (ACLs) are available once you enable them for the volume that has the shared folder for automounting networked home folders on it. WorkGroup Manager > Sharing > General. Select the volume and tick the box that says 'Enable Access Control Lists on this volume'. When you have done this, restart the Server. Enabling/Disabling ACLs on any volume should always be followed by a restart.
On successful login, launch WorkGroup Manager, select Sharing, select the folder you are interested in and select Access. Below the Standard POSIX model there is a window. This window is where you add desired users or groups (or a mix of both) and define what access they have to the selected folder. At the bottom of this window is a small gear wheel. Selecting this will show a small sub-menu where you can propagate permissions as well as viewing effective permissions. I would suggest you create a year group, add desired teachers to that year group and then add this year group to each desired year folder. Define your permissions and propagate them. You should now have at the end of this the default POSIX permissions for individual student folders still in place and honoured as well as overriding permission for teachers.
Hope this helps, Tony

Similar Messages

  • Migrating Users To Server-based Home Directories

    When you install a new server and you want to migrate users to server-based home directories and they currently have local home directories (with iCal, iTunes, iPhone, etc.), what is the process?
    Will their local data be auto-moved to the server? Will it be deleted? What?
    Message was edited by: Jerry Britton1

    I went through this many years ago. Here's what I did...
    #1: Create the user in Open Directory.
    #2: Log in to the local account on the computer.
    #3: Using "Connect to Server..." mount the network home on the client Mac.
    #4: Copy all data to the same folders on the network home.
    #5: Delete the local account.
    Now when the user logs in with network credentials their network home will have all their stuff. Some preference files may need to be recreated but that's about it.

  • Can't access other users' files

    When I log in I can't access other users' files. A red symbol is on all of the files. If I could get some help it would be great.

    future_ortho,
    Of course you can't: The file permissions and ownership are set correctly.
    Before somebody tells you how, one question: Why look at other people's files?
    I'm uncomfortable telling somebody how to invade another person's privacy without hearing/having good reason to do so.
    (They can put files they want to share in the Shared folder.)
    -Wayne

  • Accessing Other user's public folders

    I am connected to an ethernet network at my college. Can anyone tell me how I can access other user's folders? I am doing a project with another friend who also has a mac and it would be much easier to simply access his folder for documents than for us to e-mail them back and forth constantly. One more question, does the other computer have to be a mac, or can I access a PC as well.

    See if this helps you:
    http://docs.info.apple.com/article.html?artnum=19652
    Phil

  • How to change scheduled jobs from one user to other user?

    Hi,
    I want to change scheduled jobs from one user to another user.
    Is there any way that we change job from one user to other user.
    apart procedure with sm37: single job selecting with copy option.
    Regards,
    Gianluca Vinco

    Hi,
    Please try the following for changing the User of a Scheduled job:
    1. Go to transaction SM37, select the 'Scheduled' Job by checking the check box and then use the menu path Job -> Change
    2. You may reach the Change Job xxx screen. Here, click on the Step button
    3. You may reach the Step List Overview screen
    4. Here select the step in the list and click on the Change icon to make the User change in the pop up Edit Step window
    I hope this helps you in your work.
    Best Regards
    Sitaraman

  • Migrating Local Users to Network/Mobile Home Directories

    Hey Everyone!
    A Happy Holidays to you all! I'm in the midst of building a new system for my new clients. They had nothing but static IP numbers and no actual servers in a 50+ Mac environment. MacBook Pros, G5s and PowerBook G4s up the yang.
    What I'm looking to do is migrate as seamlessly as possible, all of the existing local users to network users and then some of those network users will become mobile accounts. I have Open Directory authenticating properly so...
    Here's my plan:
    1) Finish creating new builds for the MacBook Pro's, the G5s, and the PowerBook G4s.
    2) Create the users in OD and assign them to groups for permissions.
    3) Drag and drop entire home directory from each computer to a shared folder on my OD Server.
    From here I want to run chown, I'm guessing, to change the user:group for the home folders I copied over so that they match the ID's created by OD. I figure when I do that, then I can simply replace the OD created home folders in my server's Users folder with the copied and permission modified home directories from each local user.
    My guess is that would be the fastest way to migrate the users to the network.
    My question is: what are the terminal commands I need to run on each folder in order to make this as seamless as possible?
    chown -R username:newgroupname /~path to copied local home directory
    Is that syntax right?

    The command is correct!!!
    But my guess is if you use ACLs to set the permissions you won't need to run the command on every folder
    Best Regards

  • LDAP/OID Users granting other users access issue

    Hi,
    I have created 4 users (User1, User2, User3, User4) and 2 groups (Group1 and Group2)
    User1 is the Group1 owner and User2 is a member of Group1
    User3 is the Group2 owner and User4 is a member of Group2
    I have made both groups private.
    I have given User2 manage privilege on a portal page and have logged in as User2 and edited the page.
    When User2 tries to Grant access to the page, they can see all the users in the OID ie User1, User3, User4, Portal etc
    My thoughts were that User2 would only be able to grant access to other users in his group(s).
    Basically, I want to be able to control which users a user can grant access to on a page. Is this possible?
    Thanks
    Joel.

    What about SSL or LDAPS !
    Can't seem to find any java examples which would support services of type:
    ldapbind -U 1,2 for java API !

  • How do you access other users' apps, files, etc.

    I tried to, but it says it's locked. Basically, since my other family uses different keyboard layouts (U.S. instead of Dvorak for instance) I wanted them to please switch to their user. Also I didn't want them to have access to my Gmail (I could sense that they were peeking at it). So I would like to move some of the apps from mine to there with all its passwords saved and then remove the passwords to my personal accounts. We have different YouTube accounts as well so it's a challenge to log out and log in.

    I don't have Chrome, but most browsers will import bookmarks from Safari etc. Look for an Import function (probably under the File menu).
    If you are looking to add bookmarks from another user account, you need to open the browser from that account and export or backup the bookmarks there.  You can then put that file into the users Shared folder where you will be able to access it from other user accounts.
    Hope that was clear.

  • How to access other user's inbox work items?

    Hi,
    I have to view what all work items are available in a particular user's inbox. How to achieve this?
    Is it possible?
    -Nick

    Hi Nick,
    So you would need all the other users' inbox items to be displayed in your SBWP, right?
    You can do this by substitution. Please follow the below steps.
    Go to SBWP of the user whose inbox you want to see.
    SBWP -> Settings -> Office settings -> Substitution -> Add your inbox in the substitute field and substitute all authorizations. (Check for the End date as well.)
    You need to follow the same for all the other users.
    After this, Log in your SBWP and check if you are able to see all the user's inboxes or not.
    Thanks,
    Nick S

  • Local access to Network Home directories

    Under Leopard, I want to allow a user to log in to the machine that hosts his network home directory, and access it locally from that machine.
    User joe is set up in Open Directory to use a network home directory that is served from machine joe-ws. In other words, his Home record points to afp://;AUTH=Client%20Krb%20v2@joe-ws/Users/joe. There is also a mount record in OD that causes joe-ws:/Users to auto mount as /Network/Servers/joe-ws/Users
    This is working perfectly -- Joe can log in anywhere on the network and see his files. He can also create portable home directories, sync them, and the like.
    Except that he can't log in on joe-ws: if he does so, joe-ws tries to mount its own sharepoint via afp in order to find joe's home directory and that isn't a happy situation.
    Is there any obvious way to do what I want?

    I have found the source of my problem and resolved it -- it relates to case-sensitivity of host names.
    What is supposed to happen is that automount and autofs are smart enough not to try to mount shares that are hosted locally. If, for example, there is a mount record in the directory asking for afp://joe-ws/Users to be mounted in /Network/Servers/joe-ws/Users, then on every machine but joe-ws, it'll happen. On joe-ws, on the other hand, automount just creates /Network/Servers/joe-ws as a link to /
    In my case, there was a typo in the local DNS zone records, causing joe-ws to think its name was joe-ws.DOMAIN.com, whereas the mount records referred to joe-ws.domain.com (difference being case).
    Therefore, automount, running on joe-ws.DOMAIN.com tried to mount a sharepoint hosted on joe-ws.domain.com. DNS sees these as the same host; automount doesn't, so fails to apply the special magic that normally applies when you ask it to mount a sharepoint that is hosted locally.

  • User Access when User belongs to multiple teams

    I have a user that belongs to two teams:  one of the teams has a task profile that includes only eAnalyze and is assigned a member access profile that has read only access to the application; the other team has a task profile that includes eAnalyze and SubmitData and is assigned a member access profile that has read and write access to the same application.
    Because one of the teams has a lower member access profile of read only, does that mean that if the user tries to submit data, the submission will be denied?
    In other words, if a user effectively has multiple user access profiles, does the LOWER access always win out?
    Thanks in advance,
    Valerie Dixon

    Hi,
    As already indicated, the higher profile wins. The best way to understand this is to create a union of the different profiles assigned to the same user through different teams. The result you get after the union is the final profile of the user.
    Hope this helps.

  • Convergence problem -- users seeing other users' mailboxes

    Hello, all!
    We seem to be having rather a shocking problem with Convergence -- in certain rare circumstances, people logging in to Convergence sometimes end up with other people's mailboxes instead of their own.
    Today, we had another of such incidents reported to our helpdesk -- after the issue was passed to my division, I decided to visit the affected user's desktop to see who they were logged in as, plus some particulars from cookies that Convergence uses, thinking that it may be related to a recent patch we received as a response from a Sun Support ticket filed about a similar incident. Afterwards, I went back to the server and started reading logs to see if I could pinpoint the root cause of what happened.
    Note that these logs have been sanitized -- <INCORRECT_USER> represents the username of the mailbox that the affected user saw instead of their own, <AFFECTED_IP> represents the IP address of the affected user's IP address, and <PREVIOUS_IP> represents the IP address of the user trying to access their mailbox that was seen by the affected user as well. (The IPs are not the same and are not in the same subnet.)
    So, from our Glassfish domain's access logs:
    "<AFFECTED_IP>" "NULL-AUTH-USER" "09/Nov/2010:11:04:37 -0600" "GET /iwc/svc/wmap/msg.mjs?rev=3&sid=&mbox=INBOX&uid=457&process=html%2Cjs%2Clink%2Ctarget%2Cbinhex&maxtext=155000&security=false&lang=en&token=KZc9jnOair&dojo.preventCache=1289322277283 HTTP/1.1" 200 6184
    That was the last access from the affected user's IP address before the incident begins -- this is just to show that they didn't log out. Then:
    "<PREVIOUS_IP>" "NULL-AUTH-USER" "09/Nov/2010:11:19:06 -0600" "GET /iwc_static/layout/login.html?lang=en-us&14.01_234924&svcs=abs,im,mail,calendar,c11n HTTP/1.1" 200 5095
    ...the other user visits the login page to try and log in. (I'll spare everyone the accesses to the preloading of Convergence's UI images. =) After a while, the other user attempts to log in and is successfully sent to main.html:
    "<PREVIOUS_IP>" "NULL-AUTH-USER" "09/Nov/2010:11:19:11 -0600" "POST /iwc/svc/iwcp/login.iwc HTTP/1.1" 200 312
    "<PREVIOUS_IP>" "NULL-AUTH-USER" "09/Nov/2010:11:19:11 -0600" "GET /iwc_static/layout/main.html?lang=en&14.01_234924& HTTP/1.1" 200 8856
    However, out of the blue:
    "<AFFECTED_IP>" "NULL-AUTH-USER" "09/Nov/2010:11:19:11 -0600" "POST /iwc/svc/iwcp/login.iwc HTTP/1.1" 200 312
    "<AFFECTED_IP>" "NULL-AUTH-USER" "09/Nov/2010:11:19:11 -0600" "POST /iwc/svc/wmap/cmd.mjs HTTP/1.1" 200 17
    ...the affected user tries to log in as well, then ask the AJAX cmd process to do something. The affected user mentioned that they usually stay connected to Convergence and just reopen a browser window when they need to check their mail. This seems consistent -- main.html probably prompted the affected user to retype their password to continue on after the previous command above failed after an expired session after they closed their browser window.
    Now, according to Convergence's iwc.log:
    AUTH: DEBUG from com.sun.comms.client.web.sso.SSOFilter Thread httpSSLWorkerThread-443-36 ipaddress=<PREVIOUS_IP> sessionid= at 11/09/10 11:19:06,582- SSO is disabled
    AUTH: DEBUG from com.sun.comms.client.web.auth.IwcAuthController Thread httpSSLWorkerThread-443-36 ipaddress=<PREVIOUS_IP> sessionid= at 11/09/10 11:19:06,583- No valid session found, redirecting to login page
    AUTH: DEBUG from com.sun.comms.client.web.auth.IwcAuthController Thread httpSSLWorkerThread-443-36 ipaddress=<PREVIOUS_IP> sessionid= at 11/09/10 11:19:06,584- Redirecting to: /iwc_static/layout/login.html?lang=en-us&14.01_234924&svcs=abs,im,mail,calendar,c11n
    The other user visits the site and is redirected to login.html, then...
    AUTH: DEBUG from com.sun.comms.client.web.sso.SSOFilter Thread httpSSLWorkerThread-443-33 ipaddress=<PREVIOUS_IP> sessionid= at 11/09/10 11:19:14,410- SSO is disabled
    PROTOCOL: DEBUG from com.sun.comms.client.protocol.ProtocolEngineServlet Thread httpSSLWorkerThread-443-33 ipaddress=<PREVIOUS_IP> sessionid= at 11/09/10 11:19:14,411- Iwc Protocol command issued: login.iwc
    AUTH: WARN from com.sun.comms.client.protocol.delegate.agent.LoginContextAgent Thread httpSSLWorkerThread-443-33 ipaddress=<PREVIOUS_IP> sessionid= at 11/09/10 11:19:14,413- Subject not found in session, creating one
    AUTH: DEBUG from com.sun.comms.client.protocol.delegate.agent.LoginContextAgent Thread httpSSLWorkerThread-443-33 ipaddress=<PREVIOUS_IP> sessionid= at 11/09/10 11:19:14,414- Loaded com.sun.comms.client.security.auth.AppCallbackHandler class
    AUTH: DEBUG from com.sun.comms.client.security.auth.modules.impl.SunLDAPLoginModule Thread httpSSLWorkerThread-443-33 ipaddress=<PREVIOUS_IP> sessionid= at 11/09/10 11:19:14,416- SunLDAPLoginModule:initialize()
    AUTH: DEBUG from com.sun.comms.client.security.auth.modules.impl.SunLDAPLoginModule Thread httpSSLWorkerThread-443-33 ipaddress=<PREVIOUS_IP> sessionid= at 11/09/10 11:19:14,504- SunLDAPLoginModule:login()
    AUTH: INFO from com.sun.comms.client.security.auth.modules.impl.SunAuthCallBack Thread httpSSLWorkerThread-443-33 ipaddress=<PREVIOUS_IP> sessionid= at 11/09/10 11:19:14,506- User LoginID is <INCORRECT_USER>
    AUTH: DEBUG from com.sun.comms.client.security.auth.modules.impl.SunAuthCallBack Thread httpSSLWorkerThread-443-33 ipaddress=<PREVIOUS_IP> sessionid= at 11/09/10 11:19:14,508- Host header is connect.siue.edu
    AUTH: DEBUG from com.sun.comms.client.security.auth.modules.impl.SunAuthCallBack Thread httpSSLWorkerThread-443-33 ipaddress=<PREVIOUS_IP> sessionid= at 11/09/10 11:19:14,510- Attempting to resolve User's domain/organization: siue.edu from the host header...
    AUTH: INFO from com.sun.comms.client.security.auth.modules.impl.SunAuthCallBack Thread httpSSLWorkerThread-443-33 ipaddress=<PREVIOUS_IP> sessionid= at 11/09/10 11:19:14,511- User domain is siue.edu
    AUTH: DEBUG from com.sun.comms.client.security.auth.AppCallbackHandler Thread httpSSLWorkerThread-443-33 ipaddress=<PREVIOUS_IP> sessionid= at 11/09/10 11:19:14,513- Done Handling Callback class: com.sun.comms.client.security.auth.modules.impl.SunLDAPAuthCallBack
    AUTH: DEBUG from com.sun.comms.client.security.auth.AppCallbackHandler Thread httpSSLWorkerThread-443-33 ipaddress=<PREVIOUS_IP> sessionid= at 11/09/10 11:19:14,514- Done Handling Callback class: com.sun.comms.client.security.auth.AuthorizationIdCallback
    AUTH: DEBUG from com.sun.comms.client.security.auth.modules.impl.SunLDAPLoginModule Thread httpSSLWorkerThread-443-33 ipaddress=<PREVIOUS_IP> sessionid= at 11/09/10 11:19:14,516- SunLDAPLoginModule:lookupUser()
    AUTH: INFO from com.sun.comms.client.security.auth.modules.impl.SunLDAPLoginModule Thread httpSSLWorkerThread-443-33 ipaddress=<PREVIOUS_IP> sessionid= at 11/09/10 11:19:14,517- Loaded UG LDAP pool...
    AUTH: DEBUG from com.sun.comms.client.security.auth.modules.impl.SunLDAPLoginModule Thread httpSSLWorkerThread-443-33 ipaddress=<PREVIOUS_IP> sessionid= at 11/09/10 11:19:14,521- Releasing UG LDAP to pool
    AUTH: DEBUG from com.sun.comms.client.security.auth.modules.impl.SunLDAPLoginModule Thread httpSSLWorkerThread-443-33 ipaddress=<PREVIOUS_IP> sessionid= at 11/09/10 11:19:14,523- Loaded Auth LDAP pool...
    AUTH: DEBUG from com.sun.comms.client.security.auth.modules.impl.SunLDAPLoginModule Thread httpSSLWorkerThread-443-33 ipaddress=<PREVIOUS_IP> sessionid= at 11/09/10 11:19:14,527- Releasing Auth LDAP to pool
    AUTH: INFO from com.sun.comms.client.security.auth.modules.impl.SunLDAPLoginModule Thread httpSSLWorkerThread-443-33 ipaddress=<PREVIOUS_IP> sessionid= at 11/09/10 11:19:14,529- SunLDAPLoginModule:User <INCORRECT_USER> Authenticated
    AUTH: INFO from com.sun.comms.client.security.auth.CommsUserInitContext Thread httpSSLWorkerThread-443-33 ipaddress=<PREVIOUS_IP> sessionid= at 11/09/10 11:19:14,533- Loading user entry from LDAP
    ...the other user successfully logs in (using an external Sun-based LDAP server), then starts asking the LDAP server for their Convergence preferences.
    AUTH: DEBUG from com.sun.comms.client.security.auth.CommsUserInitContext Thread httpSSLWorkerThread-443-33 ipaddress=<PREVIOUS_IP> sessionid= at 11/09/10 11:19:14,535- Creating Comms User.....
    AUTH: DEBUG from com.sun.comms.client.security.auth.CommsUserInitContext Thread httpSSLWorkerThread-443-33 ipaddress=<PREVIOUS_IP> sessionid= at 11/09/10 11:19:14,537- Creating new User
    (That's interesting...)
    AUTH: DEBUG from com.sun.comms.client.security.auth.CommsUserInitContext Thread httpSSLWorkerThread-443-33 ipaddress=<PREVIOUS_IP> sessionid= at 11/09/10 11:19:14,539- Login id of the user is <INCORRECT_USER>
    AUTH: DEBUG from com.sun.comms.client.security.auth.CommsUserInitContext Thread httpSSLWorkerThread-443-33 ipaddress=<PREVIOUS_IP> sessionid= at 11/09/10 11:19:14,541- Domain name of the user is siue.edu
    AUTH: DEBUG from com.sun.comms.client.security.auth.CommsUserInitContext Thread httpSSLWorkerThread-443-33 ipaddress=<PREVIOUS_IP> sessionid= at 11/09/10 11:19:14,544- Org DN of the user is o=siue.edu,o=usergroup
    AUTH: DEBUG from com.sun.comms.client.security.auth.CommsUserInitContext Thread httpSSLWorkerThread-443-33 ipaddress=<PREVIOUS_IP> sessionid= at 11/09/10 11:19:14,546- Real domain name of the user is siue.edu
    AUTH: INFO from com.sun.comms.client.security.auth.CommsUserInitContext Thread httpSSLWorkerThread-443-33 ipaddress=<PREVIOUS_IP> sessionid= at 11/09/10 11:19:14,548- User entry loaded successfully
    AUTH: DEBUG from com.sun.comms.client.security.auth.CommsUserInitContext Thread httpSSLWorkerThread-443-33 ipaddress=<PREVIOUS_IP> sessionid= at 11/09/10 11:19:14,550- Updating user cache with default attribute values
    AUTH: DEBUG from com.sun.comms.client.security.auth.CommsUserInitContext Thread httpSSLWorkerThread-443-33 ipaddress=<PREVIOUS_IP> sessionid= at 11/09/10 11:19:14,552- Updating user cache common preference with default values
    AUTH: DEBUG from com.sun.comms.client.security.auth.CommsUserInitContext Thread httpSSLWorkerThread-443-33 ipaddress=<PREVIOUS_IP> sessionid= at 11/09/10 11:19:14,555- Processing AttrName: sunUCDefaultApplication
    AUTH: DEBUG from com.sun.comms.client.security.auth.CommsUserInitContext Thread httpSSLWorkerThread-443-33 ipaddress=<PREVIOUS_IP> sessionid= at 11/09/10 11:19:14,557- Preference Attribute : sunUCDefaultApplication is not present in user cache
    And intermixed with the loading of preferences for the other user...
    AUTH: DEBUG from com.sun.comms.client.web.sso.SSOFilter Thread httpSSLWorkerThread-443-18 ipaddress=<AFFECTED_IP> sessionid= at 11/09/10 11:19:14,666- SSO is disabled
    PROTOCOL: DEBUG from com.sun.comms.client.protocol.ProtocolEngineServlet Thread httpSSLWorkerThread-443-18 ipaddress=<AFFECTED_IP> sessionid= at 11/09/10 11:19:14,667- Iwc Protocol command issued: login.iwc
    AUTH: WARN from com.sun.comms.client.protocol.delegate.agent.LoginContextAgent Thread httpSSLWorkerThread-443-18 ipaddress=<AFFECTED_IP> sessionid= at 11/09/10 11:19:14,669- Subject not found in session, creating one
    AUTH: DEBUG from com.sun.comms.client.protocol.delegate.agent.LoginContextAgent Thread httpSSLWorkerThread-443-18 ipaddress=<AFFECTED_IP> sessionid= at 11/09/10 11:19:14,671- Loaded com.sun.comms.client.security.auth.AppCallbackHandler class
    AUTH: DEBUG from com.sun.comms.client.security.auth.modules.impl.SunLDAPLoginModule Thread httpSSLWorkerThread-443-18 ipaddress=<AFFECTED_IP> sessionid= at 11/09/10 11:19:14,674- SunLDAPLoginModule:initialize()
    AUTH: DEBUG from com.sun.comms.client.security.auth.modules.impl.SunLDAPLoginModule Thread httpSSLWorkerThread-443-18 ipaddress=<AFFECTED_IP> sessionid= at 11/09/10 11:19:14,676- SunLDAPLoginModule:login()
    AUTH: INFO from com.sun.comms.client.security.auth.modules.impl.SunAuthCallBack Thread httpSSLWorkerThread-443-18 ipaddress=<AFFECTED_IP> sessionid= at 11/09/10 11:19:14,678- User LoginID is <INCORRECT_USER>
    ...there's the affected user trying to log in -- and getting the same username as the other user!
    AUTH: DEBUG from com.sun.comms.client.web.sso.SSOFilter Thread httpSSLWorkerThread-443-32 ipaddress=<AFFECTED_IP> sessionid=0fabb5152fbab756c5ef6cdb2c1d at 11/09/10 11:19:14,933- SSO is disabled
    AUTH: DEBUG from com.sun.comms.client.web.authorization.MailAuthorizationFilter Thread httpSSLWorkerThread-443-32 ipaddress=<AFFECTED_IP> sessionid=0fabb5152fbab756c5ef6cdb2c1d at 11/09/10 11:19:14,935- Removing token parameter from the mail backend service request
    PROXY_MAIL: DEBUG from com.sun.comms.client.web.services.sun.MailServiceProxy Thread httpSSLWorkerThread-443-32 ipaddress=<AFFECTED_IP> sessionid=0fabb5152fbab756c5ef6cdb2c1d at 11/09/10 11:19:14,938- reqURI: /iwc/svc/wmap/cmd.mjs
    The affected user (seeing that they have less to load) tries to send the command referenced above. Note their session ID...
    AUTH: DEBUG from com.sun.comms.client.web.sso.SSOFilter Thread httpSSLWorkerThread-443-37 ipaddress=<PREVIOUS_IP> sessionid=1a60d56c1deb585e05bf126aa4fe at 11/09/10 11:19:15,740- SSO is disabled
    PROTOCOL: DEBUG from com.sun.comms.client.protocol.ProtocolEngineServlet Thread httpSSLWorkerThread-443-37 ipaddress=<PREVIOUS_IP> sessionid=1a60d56c1deb585e05bf126aa4fe at 11/09/10 11:19:15,831- Iwc Protocol command issued: get_allprefs.iwc
    PROTOCOL: WARN from com.sun.comms.client.protocol.delegate.UserPrefsCommandDelegate Thread httpSSLWorkerThread-443-37 ipaddress=<PREVIOUS_IP> sessionid=1a60d56c1deb585e05bf126aa4fe at 11/09/10 11:19:15,834- get_allprefs.iwc : Service is not enabled : smime
    CONFIG: DEBUG from com.sun.comms.client.web.ServerConfiguration Thread httpSSLWorkerThread-443-37 ipaddress=<PREVIOUS_IP> sessionid=1a60d56c1deb585e05bf126aa4fe at 11/09/10 11:19:15,837- Virtual domain is enabled
    PROTOCOL: WARN from com.sun.comms.client.protocol.delegate.agent.ClientOptionsAgent Thread httpSSLWorkerThread-443-37 ipaddress=<PREVIOUS_IP> sessionid=1a60d56c1deb585e05bf126aa4fe at 11/09/10 11:19:15,839- client preferences not found for domain: siue.edu
    ...and how it's completely different from the other user's session ID. (One odd note -- the other user's browser asks for get_allprefs.iwc, but the affected user's browser doesn't until much later when, after seeing the incorrect mailbox, tried to rectify the problem by closing their browser and revisiting the domain, which bounced them off to main.html since they (apparently) had a valid session:
    From Glassfish's access logs:
    "<AFFECTED_IP>" "NULL-AUTH-USER" "09/Nov/2010:11:24:48 -0600" "GET / HTTP/1.1" 200 279
    "<AFFECTED_IP>" "NULL-AUTH-USER" "09/Nov/2010:11:24:48 -0600" "GET /iwc/ HTTP/1.1" 302 0
    "<AFFECTED_IP>" "NULL-AUTH-USER" "09/Nov/2010:11:24:48 -0600" "GET /iwc_static/layout/main.html?lang=en-us&14.01_234924 HTTP/1.1" 200 8856
    And from Convergence's iwc.log:
    AUTH: DEBUG from com.sun.comms.client.web.sso.SSOFilter Thread httpSSLWorkerThread-443-36 ipaddress=<AFFECTED_IP> sessionid=1a60de74f3d0ef2780bc181221e2 at 11/09/10 11:24:50,928- SSO is disabled
    AUTH: DEBUG from com.sun.comms.client.web.auth.IwcAuthController Thread httpSSLWorkerThread-443-36 ipaddress=<AFFECTED_IP> sessionid=1a60de74f3d0ef2780bc181221e2 at 11/09/10 11:24:50,934- Found a valid session, redirecting user to the main view page
    PROTOCOL: WARN from com.sun.comms.client.protocol.delegate.agent.ClientOptionsAgent Thread httpSSLWorkerThread-443-36 ipaddress=<AFFECTED_IP> sessionid=1a60de74f3d0ef2780bc181221e2 at 11/09/10 11:24:50,952- client preferences not found for domain: siue.edu
    AUTH: DEBUG from com.sun.comms.client.web.sso.SSOFilter Thread httpSSLWorkerThread-443-37 ipaddress=<AFFECTED_IP> sessionid=1a60de74f3d0ef2780bc181221e2 at 11/09/10 11:24:51,947- SSO is disabled
    PROTOCOL: DEBUG from com.sun.comms.client.protocol.ProtocolEngineServlet Thread httpSSLWorkerThread-443-37 ipaddress=<AFFECTED_IP> sessionid=1a60de74f3d0ef2780bc181221e2 at 11/09/10 11:24:51,949- Iwc Protocol command issued: get_allprefs.iwc
    PROTOCOL: WARN from com.sun.comms.client.protocol.delegate.UserPrefsCommandDelegate Thread httpSSLWorkerThread-443-37 ipaddress=<AFFECTED_IP> sessionid=1a60de74f3d0ef2780bc181221e2 at 11/09/10 11:24:51,951- get_allprefs.iwc : Service is not enabled : smime
    CONFIG: DEBUG from com.sun.comms.client.web.ServerConfiguration Thread httpSSLWorkerThread-443-37 ipaddress=<AFFECTED_IP> sessionid=1a60de74f3d0ef2780bc181221e2 at 11/09/10 11:24:51,952- Virtual domain is enabled
    PROTOCOL: WARN from com.sun.comms.client.protocol.delegate.agent.ClientOptionsAgent Thread httpSSLWorkerThread-443-37 ipaddress=<AFFECTED_IP> sessionid=1a60de74f3d0ef2780bc181221e2 at 11/09/10 11:24:51,954- client preferences not found for domain: siue.edu
    (Again, what's odd is that the JSESSIONID changes again.)
    I thought initially that it may be a pooling problem, so I decided to check out the logs for the Sun ONE Directory Server that this instance of Convergence is connected to and:
    [09/Nov/2010:11:19:14 -0600] conn=407075 op=22106 msgId=86900 - SRCH base="o=siue.edu,o=usergroup" scope=2 filter="(uid=<INCORRECT_USER>)" attrs="* isMemberOf"
    [09/Nov/2010:11:19:14 -0600] conn=407075 op=22106 msgId=86900 - RESULT err=0 tag=101 nentries=1 etime=0
    [09/Nov/2010:11:19:14 -0600] conn=408714 op=2173 msgId=86901 - BIND dn="uid=<INCORRECT_USER>,ou=People,o=siue.edu,o=usergroup" method=128 version=3
    [09/Nov/2010:11:19:14 -0600] conn=408714 op=2173 msgId=86901 - RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=<INCORRECT_USER>,ou=people,o=siue.edu,o=usergroup"
    [09/Nov/2010:11:19:14 -0600] conn=408784 op=4786 msgId=86902 - SRCH base="o=siue.edu,o=usergroup" scope=2 filter="(uid=<INCORRECT_USER>)" attrs="* isMemberOf"
    [09/Nov/2010:11:19:14 -0600] conn=408784 op=4786 msgId=86902 - RESULT err=0 tag=101 nentries=1 etime=0
    [09/Nov/2010:11:19:14 -0600] conn=408714 op=2174 msgId=86903 - BIND dn="uid=<INCORRECT_USER>,ou=People,o=siue.edu,o=usergroup" method=128 version=3
    [09/Nov/2010:11:19:14 -0600] conn=408714 op=2174 msgId=86903 - RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=<INCORRECT_USER>,ou=people,o=siue.edu,o=usergroup"
    But two different LDAP connections.... well, actually four... searched for and bound to the other user's username.
    The other interesting thing I found was while I was searching for the other user's username in the LDAP logs -- earlier I pointed out an interesting entry about "creating a Comms user"; however, the other user logged in previously to Convergence:
    [08/Nov/2010:21:23:10 -0600] conn=407075 op=18839 msgId=75351 - SRCH base="o=siue.edu,o=usergroup" scope=2 filter="(uid=<INCORRECT_USER>)" attrs="* isMemberOf"
    [08/Nov/2010:21:23:10 -0600] conn=407075 op=18839 msgId=75351 - RESULT err=0 tag=101 nentries=1 etime=0
    [08/Nov/2010:21:23:10 -0600] conn=408714 op=680 msgId=75352 - BIND dn="uid=<INCORRECT_USER>,ou=People,o=siue.edu,o=usergroup" method=128 version=3
    [08/Nov/2010:21:23:10 -0600] conn=408714 op=680 msgId=75352 - RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=<INCORRECT_USER>,ou=people,o=siue.edu,o=usergroup"
    I'm stumped -- anyone have any ideas why this is happening to us? (Due to these problems, we've been forced to shutdown our Convergence servers and redirect users to another older webmail product until this is fixed.)

    > The other interesting thing I found was while I was searching for the other user's username in the LDAP logs -- earlier I pointed out an interesting entry about "creating a Comms user"; however, the other user logged in previously to Convergence:
    "creating a Comms user" => means creating a user object in memory using details in the LDAP and configuration; it does not create a User entry in LDAP.
    Can you please provide the following details:
    - version of Convergence
    - output of 'iwcadmin -l'
    - full iwc.log and glassfish access log file
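
Added example (not part of the thread, and not Convergence or Directory Server code): a small parser for access-log lines in the layout quoted above. It pairs each BIND/SRCH with its RESULT by conn/op and lists which connections searched for or bound as a given uid. The sample lines, the uids alice/bob and the base DN are constructed.

```python
import re
from collections import defaultdict

# Constructed sample lines in the access-log layout quoted in the thread
# (uids "alice"/"bob" and base DN "o=example.edu" are made up).
SAMPLE = """\
[09/Nov/2010:11:19:14 -0600] conn=11 op=5 msgId=1 - SRCH base="o=example.edu,o=usergroup" scope=2 filter="(uid=alice)" attrs="* isMemberOf"
[09/Nov/2010:11:19:14 -0600] conn=11 op=5 msgId=1 - RESULT err=0 tag=101 nentries=1 etime=0
[09/Nov/2010:11:19:14 -0600] conn=12 op=9 msgId=2 - BIND dn="uid=alice,ou=People,o=example.edu,o=usergroup" method=128 version=3
[09/Nov/2010:11:19:14 -0600] conn=12 op=9 msgId=2 - RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=alice,ou=people,o=example.edu,o=usergroup"
[09/Nov/2010:11:19:15 -0600] conn=12 op=10 msgId=3 - BIND dn="uid=bob,ou=People,o=example.edu,o=usergroup" method=128 version=3
[09/Nov/2010:11:19:15 -0600] conn=12 op=10 msgId=3 - RESULT err=49 tag=97 nentries=0 etime=0
"""

LINE = re.compile(r'^\[(?P<ts>[^\]]+)\] conn=(?P<conn>\d+) op=(?P<op>\d+) msgId=\d+ - (?P<kind>[A-Z]+) (?P<rest>.*)$')
UID = re.compile(r'uid=([^,)"]+)', re.IGNORECASE)
ERR = re.compile(r'\berr=(\d+)')

def ops_by_uid(text):
    """Map uid -> [(timestamp, conn, op, kind, err)]; requests with no RESULT are dropped."""
    pending = {}                      # (conn, op) -> record awaiting its RESULT line
    by_uid = defaultdict(list)
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        key = (int(m['conn']), int(m['op']))
        if m['kind'] in ('BIND', 'SRCH'):
            u = UID.search(m['rest'])
            if u:
                pending[key] = [m['ts'], key[0], key[1], m['kind'], None, u.group(1).lower()]
        elif m['kind'] == 'RESULT' and key in pending:
            rec = pending.pop(key)
            e = ERR.search(m['rest'])
            rec[4] = int(e.group(1)) if e else None
            by_uid[rec[5]].append(tuple(rec[:5]))
    return dict(by_uid)

def conns_for_uid(text, uid):
    """Sorted connection ids that searched for or bound as `uid`."""
    return sorted({rec[1] for rec in ops_by_uid(text).get(uid.lower(), [])})

if __name__ == "__main__":
    for uid, recs in ops_by_uid(SAMPLE).items():
        for rec in recs:
            print(uid, *rec)
```

A connection id that appears for more than one uid (conn=12 in the sample) is a pooled application connection, so the conn number alone does not identify a web session; correlate on timestamp with the application log as well.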

  • Revoking User tables privileges from one user to other user thru DBA.

    Hi,
    I want to revoke the select privilege from user granted tables to other user from Sys/Dba roled user.
    Detail
    ---------------
    I have 3 users namely
    1.User1 (Role: Normal User)
    2.User2 (Role: Normal User)
    3.SYS (Role: DBA privileged user)
    User1 has created a table called Table1 and granted the select privilege to User2.
    Is it possible that sys (DBA privileged user) user can revoke the select privilege of table1 from user2?
    Thanks,
    Natarajan.U

    You cannot revoke privileges that were not granted by you, or you will hit the error ORA-01927: cannot REVOKE privileges you did not grant.
    Even SYS or a user with the SYSDBA role cannot revoke others' grants.

  • Want imported bookmarks to show without having to go to "from IE". First user does other users don't

    When I first downloaded, it asked if I wanted to import existing bookmarks. They all show when I hover over "bookmarks". When I set up another user's account, it requires them to go down to "from internet explorer" to view them. I want them all to show when the other user hovers over "bookmarks" like mine does.

    You can move them out of the From Internet Explorer folder to another folder.
    * The Bookmarks Toolbar folder stores the bookmarks that you see on the (View > Toolbars >) Bookmarks Toolbar.
    * The Bookmarks Menu folder stores bookmarks that you see in the Bookmarks menu and create via "Bookmarks > Bookmark This Page" or "Bookmark This Link" in the right click context menu.
    * The Unsorted Bookmarks folder stores the bookmarks that are created by clicking the star at the right end of the location bar.
    * http://kb.mozillazine.org/Sorting_and_rearranging_bookmarks_-_Firefox
    * https://support.mozilla.org/kb/Sorting+bookmarks

  • ACCESSING OTHER USER'S TABLES

    I have to access user B's tables, and I don't have DBA privileges.
    How can I do that?
    Is it B or DBA that should grant me permission for doing this ?

    User B has to grant you the privileges for accessing his/her tables.
    The DBA can do the same for you, as the DBA has privileges for all tables.
