NDSDAV: Managing NDS eDirectory Over the Internet
Articles and Tips: article
01 Jun 2000
You don't have to be the webmaster of the decade to appre ciate what Web-based Distributed Authoring and Versioning (WebDAV) can do. In fact, you don't have to be a webmaster at all to appreciate WebDAV. WebDAV is an open Internet protocol that extends HTTP 1.1 and uses Extensible Markup Language (XML) to add several new operations. Among other things, these operations enable web-based applications to create and modify folders and files on a web server.
WebDAV operations also allow web-based applications to obtain information about the folders and files on a web server. For example, an application can use these operations to obtain the name of the file's creator, the date the file was created, and the date the file was last modified. (For a brief explanation of the operations that give WebDAV these and other capabilities, see "A Grass Roots Effort.")
How can these operations help you--the network administrator--whether or not you are responsible for creating and maintaining files on your company's web site? The answer may surprise you. The Novell Directory Services Distributed Authoring and Versioning (NDSDAV) utility, which runs on top of the WebDAV protocol, can help you manage NDS eDirectory from anywhere you have Internet access via a web browser. (See Figure 1.)
Figure 1: NDSDAV uses WebDAV to help you manage your company's NDS tree over the Internet.
"What we're doing with NDSDAV is using the protocol that's there for doing WebDAV stuff and making it so that it's able to see into NDS eDirectory," explains Dan Burton, a software developer for Novell. "We're extending the WebDAV protocol into the NDS name space."
NDSDAV uses WebDAV operations to enable you to browse NDS objects, to manage those objects, and to create new objects. (For more information about how NDSDAV uses the WebDAV protocol, see "Directing WebDAV.") In addition, NDSDAV uses WebDAV to enable users to create and publish their own web files, to browse the applications and devices on your company's network, and to maintain their own NDS User objects--all through Internet Explorer 5 or above. (NDSDAV works with any browser that supports the WebDAV protocol.)
GOT NETWARE 5.1?
Where do you get NDSDAV, and how can you put this utility to work on your company's network? NDSDAV is part of Novell's WebDAV support for NetWare Enterprise Web Server in NetWare 5.1.
To get NDSDAV, you must first install NetWare 5.1, which includes most of the software that NDSDAV requires--the NetWare 5.1 operating system, NetWare Enterprise Web Server, and NDS eDirectory. To enable NDSDAV on your company's network, you must then install NetWare 5.1 Service Pack 1, which will soon be available free on Novell's Support Connection web site (http://support.novell.com). To use NDSDAV, you must have a browser (such as Internet Explorer 5) that supports WebDAV.
When you enable NDSDAV, it creates a web folder at the root directory of NetWare Enterprise Web Server. This web folder, called My Network , does not actually reside on your company's network. Instead, NDSDAV creates this web folder and its contents dynamically each time you access the web folder.
The My Network web folder marks the location of a personalized collection of web folders that provides you and the users on your company's network with access to NDSDAV features. Because you access the My Network web folder through WebDAV, this folder is available through any Windows workstation that is connected to the Internet and is running Internet Explorer 5 or above. You can access the My Network web folder by completing the following steps:
Launch your web browser.
Click the pull-down File menu, and then click Open.
Type the secure URL (https://) of your company's NetWare Enterprise Web Server, and click the check box to open this location as a web folder.
You must then log in to the NDS tree. Because you are sending your NDS username and password over the Internet, NDSDAV operates over the web server's secure port via Secure Sockets Layer (SSL).
"NDS passwords are always sent over the SSL channel with heavy encryption," Burton explains. "You have to use the SSL connection."
In addition, if you have used Novell Certificate Server 2.0 to create a Certificate Authority on your company's NetWare 5.1 server, your browser will display a pop-up box that asks you if you want to accept a certificate from that server. Among other things, this certificate determines the public-private key pairs that your browser and the NetWare 5.1 server use to encrypt the packets that constitute your SSL communication. (Novell Certificate Server 2.0 comes with NetWare 5.1 and is installed by default when you install NetWare 5.1. For more information about Novell Certificate Server 2.0, see "Novell Certificate Server 2.0: Is Your Network Certifiably Secure? "NetWare Connection, Jan. 2000, pp. 6-20. You can download this article from http://www.nwconnection.com/past.)
After you securely log in to the NDS tree, your browser displays all of the web folders and files at the root directory of the NetWare Enterprise Web Server to which you are connected. (See Figure 2.) You can then access the contents of the My Network web folder simply by clicking it.
Figure 2: NDSDAV creates the My Network web folder dynamically each time you open the root directory of your company's NetWare Enterprise Web Server as a web folder.
Depending on which NDSDAV features you enable, the My Network web folder can include the following web folders:
Directory Tree web folder
Organizational Unit web folder
Mapped Drives web folder
By default, NDSDAV names the Directory Tree web folder after your company's NDS tree. For example, if the name of the NDS tree were Rockhopper, NDSDAV would name the Directory Tree web folder Rockhopper. (See Figure 3.)
Figure 3: Clicking on the My Network web folder gives you access to the Directory Tree web folder. By default, NDSDAV names the Directory Tree web folder after the NDS tree.
When you double-click the Directory Tree web folder, NDSDAV uses WebDAV operations to return a view of your company's NDS tree. In this view, icons represent leaf objects, such as User and Group objects, and folders represent container objects, such as Organizational Unit (OU) objects. (See Figure 4.)
Figure 4: When you open the Directory Tree web folder, NDSDAV returns a view of your company's NDS tree. In this view, folders represent container objects, such as OU objects, and icons represent leaf objects, such as User objects.
If you then double-click an icon--for example, a user icon--NDSDAV returns an HTML page that allows you to see the properties, or attributes, of the NDS User object that icon represents. (See Figure 5.)
Figure 5: NDSDAV HTML pages enable you to see the properties, or attributes, of NDS objects. Through these pages, you can also add, delete, and modify those properties and add new objects to your company's NDS tree.
If you double-click a web folder, NDSDAV returns a WebDAV XML response that includes a list of the objects in the NDS container object that the web folder represents. (See "Directing WebDAV.") For example, if you click a web folder that represents a container object, NDSDAV returns a WebDAV XML response that lists all of the User, Group, and Printer objects included in that container object.
NDSDAV also allows you to modify, add, and delete attributes for NDS objects. You simply modify, add, and delete properties in the HTML page that NDSDAV returns when you open the NDS objects. (NDSDAV maps NDS attributes to WebDAV properties. For more information about WebDAV properties, see "A Grass Roots Effort.") You can also create new objects through the HTML pages that NDSDAV returns.
In other words, NDSDAV allows you to perform administrative tasks using Internet Explorer 5. You don't have to use additional software, such as ConsoleOne or the NetWare Administrator (NWADMIN) utility, to perform these tasks.
You may also want to use NDSDAV to distribute the responsibility for managing NDS objects. For example, you can use the NWADMIN utility to grant individual users trustee rights to their own User objects. These users can then use Internet Explorer 5 to keep the properties associated with those objects, such as telephone numbers, up-to-date.
NDSDAV also allows you to control rights to web folders by dragging-and-dropping user and group icons onto those folders. For example, if you want to make a certain user a trustee of a web folder that contains your company's internal web pages, you can drag-and-drop that user's icon onto that folder.
In addition, you can control rights to web folders through the Public and Private icons NDSDAV adds to your company's Directory Tree web folder. (See Figure 4.) These icons represent specialized User objects, the sole purpose of which is to grant and remove trustee rights. The NDSDAV Public icon enables you to make a web folder available to everyone who wants access to that folder. For example, you can drag-and-drop the Public icon onto the folder that contains your company's home page and web site directory page. These pages are then available to anyone with Internet access.
The NDSDAV Private icon, on the other hand, removes all trustee rights to folders. For example, suppose your company's president created a folder that contained an applet that could determine the dollar amount of employee bonuses. To control access to that folder, the president could drag-and-drop the Private icon onto this folder. The folder and its contents would then be accessible only to you, the network administrator, and to the creator of that folder--in this case, your company's president.
AN ORGANIZATIONAL VIEW OF THE NETWORK
The My Network web folder also gives you access to Organizational Unit web folders, each of which bears the name of an OU object in your company's NDS tree. For example, if your company's NDS tree contained an OU named bigwigs, NDSDAV would create an Organizational Unit web folder named ou=bigwigs.
If you double-click an Organizational Unit web folder, NDSDAV returns icons that represent the User and Group objects that you have defined for that particular OU object. For example, if you double-clicked the hypothetical ou=bigwigs folder in the example given above, NDSDAV would return icons that represent all of the User and Group objects that you have defined in that OU object.
You can then use NDSDAV to manage the objects contained in this folder just as you can use NDSDAV to manage the objects in the Directory Tree folder. For example, you can click a user icon to access the user's HTML properties page and then update that user's work telephone number. If you then click Save, NDSDAV saves the changes you made to NDS eDirectory.
You can also use the user and group icons in Organizational Unit web folders to control trustee rights to web folders. To grant a user rights to a web folder, you drag-and-drop the user icon onto the appropriate folder.
USERS SEE IT THIS WAY
If you use login scripts to set up mapped drives when you create an NDS user account, the user can access these mapped drives through NDSDAV. When a user enters the secure address of your company's NetWare Enterprise Web Server and logs in to NDS eDirectory via NDSDAV, NDSDAV uses WebDAV operations to retrieve that user's mapped drive information from NDS eDirectory. NDSDAV then uses this mapped drive information to redirect the user's access to those drives from the traditional filing system on the server to the web folders it creates as part of that user's Mapped Drive web folder.
Through this Mapped Drive folder, the user can then view (in the form of web folders) all of the network directories that are normally available on his or her workstation. In many cases, the user can also access applications in those directories through NDSDAV. (However, users cannot access applications that require traditional client-server file system drive mappings.)
By supporting mapped network drives, NDSDAV makes it easy for your company to enjoy the advantages of having a mobile work force. For example, with NDSDAV, your company can allow employees who have Internet access to work from home (or anywhere else they happen to be). As result, employees save time and money spent commuting to work, and the company saves the cost of providing office space for those employees.
UNLEASHING THE WEBMASTER WITHIN
When you create new user accounts, you probably also create home directories for those users. If you have enabled the User Home Directories feature in NDS eDirectory, NDSDAV can help users publish their personal HTML files to the web: Users simply create a public-html subdirectory in their home directory and then place their files in this subdirectory. For example, a human resources user could place files that contain information about company employment in this subdirectory. This information could include the status of resumes submitted to the company, the positions available, and the positions that have recently been filled. NetWare Enterprise Web Server then provides a shortcut from the subdirectory (which NDSDAV presents as a web folder) to the root directory of the NetWare Enterprise Web Server.
If you have enabled the User Home Directories feature in NDS eDirectory, NDSDAV can help users publish their personal HTML files to the web.
If you have configured NetWare Enterprise Web Server with a list of contexts for looking up individual users on your company's network, Internet users can access a particular user's personal HTML files by entering the following URL: http://NetWare Enterprise Web Server URL/~username. For example, if the URL of your company's web server were Sam.com and you wanted to access the personal files of Hortense, you would type http://Sam.com/~hortense.
You can configure your company's web server with a list of contexts to look up individual users by clicking the Global Settings link in NetWare Web Manager. (See Figure 6.) To access NetWare Web Manager from your browser, enter the following URL: https://NetWare Enterprise Web Server URL:the port your web server listens on.(By default, the NetWare Enterprise Web Server listens on port 2200.)
Figure 6: You can add users? lookup contexts to your company's NetWare Enterprise Web Server by clicking the Global Settings link in NetWare Web Manager.
If you do not configure your company's NetWare Enterprise Web Server with a list of contexts to look up individual users, Internet users can still access the personal files that users publish through their public-html directories. In this case, Internet users can access personal files by entering the following URL: http://
NetWare Enterprise Web Server URL/~the user's name.the name of the OU object in which the user's User object resides. For example, if the User object for Hortense were in the Marketing OU object, Internet users could access Hortense's personal HTML files by typing http://sam.com/~hortense.marketing.
SOMETIMES A UTILITY IS MORE THAN JUST A UTILITY
In its debut role, NDSDAV performs as a utility that uses open protocols to give you and other users wide-ranging access to your company's NDS tree. However, NDSDAV is capable of being more than a utility: NDSDAV can also be an application development tool.
Using NDSDAV as an application development tool, software developers can write web-based applications that access NDS eDirectory. For example, a developer could write an NDS-enabled application that gives a car salesperson remote access to the dealership's inventory.
In this case, the developer could extend the NDS schema to include a new object class that stores information about cars, such as each car's color, make, model, and sales status. The developer could then create an NDSDAV template file--an HTML file that NDSDAV uses to create HTML representations of the objects in an NDS tree--for this new object class. (For more information about NDS template files, see "Directing WebDAV.") The developer would then include programming instructions that place the template filein the sys:/novonyx/suitespot/bin/webdav/html/nls-4 (for English) directory on NetWare 5.1.
This developer would also modify the list of supported object classes in the webdav.conf file to include this new class. The webdav.conf file is stored in the sys://novonyx/suitespot/bin/webdav/html directory and contains the settings that WebDAV and NDSDAV read each time NetWare Enterprise Web Server is loaded.
This hypothetical application would then allow a salesperson to access information about the cars that are currently available to customers. Furthermore, this salesperson could modify this information. For example, the salesperson could change a property's status from available to sold in the HTML property file. This updated sales status would then be saved to NDS eDirectory.
Of course, you certainly don't have to be a software developer to appreciate NDSDAV, just as you don't have to be a webmaster to appreciate WebDAV. You don't even have to use third-party applications that use NDSDAV to appreciate NDSDAV.
All you have to do is launch your Internet Explorer 5 browser and access the My Network folder at the root of the NetWare Enterprise Web Server to see how easy and convenient NDSDAV makes routine NDS management. With NDSDAV, you can manage the objects in the NDS tree from anywhere--including the airport, while you're waiting for your Jamaica-bound airplane to arrive.
Furthermore, NDSDAV enables you to enlist users' help in managing NDS objects without having to install special software on these users' workstations. That is, while you're enjoying your vacation, users can manage their own User objects in the NDS tree. Managing NDS eDirectory doesn't get any easier or more convenient than that.
Cheryl Walton works for Niche Associates, an agency that specializes in writing and editing technical documents. Niche Associates is located in Sandy, Utah.
A Grass Roots Effort
The idea that the Internet should be a "collaborative, writeable medium" as well as a readable medium goes all the way back to the original vision of the Internet. (See "What Are the Goals of DAV?" in "DAV Frequently Asked Questions" at http://www.webdav.org/other/faq.html#Q2.) In fact, the first Internet browser, Tim Berners-Lee's WorldWideWeb, had both read and write capabilities. (Tim Berners-Lee is the director of the World Wide Web Consortium [W3C]. For more information about Berners-Lee and his WorldWideWeb browser, visit http://www.w3.org/People/Berners-Lee/WorldWideWeb.html.)
Although Berners-Lee's WorldWideWeb browser did not become the browser of choice for the fledgling Internet, the ability to use the Internet to create and modify data on web servers is as important today as it was when Berners-Lee created his browser. Fortunately, the Internet Engineering Task Force (IETF) and the W3C have joined forces to create a protocol that gives you this ability.
The IETF's WebDAV working group recently developed the Web-based Distributed Authoring and Versioning (WebDAV) protocol. WebDAV extends HTTP 1.1, a protocol for sending and receiving data over the Internet, to include commands that allow you to copy, move, create, and edit data over the Internet.
In addition to using HTTP 1.1 operations, WebDAV uses Extensible Markup Language (XML) to define the following types of operations:
WHAT'S IN A NAME?
WebDAV namespace operations enable you to manipulate resources--data and services that you can locate using a URL--running on a web server. Specifically, WebDAV namespace operations enable you to copy and move these resources.
WebDAV COPY and MOVE operations include a request header that allows you to specify whether or not you want to use these operations to overwrite a resource that already exists at the destination URL. If you want to overwrite a particular resource--a web page, for example--you set the value of the overwrite request header to T (true). For example, if you want to overwrite an existing web page with an updated version of that page, you copy the updated web page to the URL of the existing web page with the COPY overwrite request header set to T.
If you do not want to inadvertently overwrite a resource at the destination URL with a COPY or MOVE operation, you set the value of the overwrite request header to F (False). In this case, if a resource already exists at the destination URL, the COPY or MOVE operation fails. You then change the destination URL to one at which a resource does not already exist. (For a more in-depth explanation of namespace operations and other operations, see Request For Comments (RFC) 2518. You can find this document at http://www.ietf.org/rfc/rfc2518.txt.)
THE WHOLE KIT AND CABOODLE
WebDAV defines collections to enable you to perform operations on groups of web resources rather than on individual web resources. A WebDAV collection is a resource that contains internal members, such as a group of related web folders or other resources. To create a collection, you use the MKCOL operation.
For example, you could create a collection named hrdocumentation, which would reside at http://www.hereis.com/hrdocumentation. The internal members of this hypothetical collection might be web pages--such as vacationpolicy, sickleavepolicy, and promotionpolicy--that would reside at http://www.hereis.com/hrdocumentation/vacationpolicy, http://www.hereis.com/hrdocumentation/sickleavepolicy, and http://www.hereis.com/hrdocumentation/promotionpolicy respectively.
Like all WebDAV resources, WebDAV collections must support all of the operations that WebDAV defines, such as MOVE and COPY operations. That is, if you want to move the web pages that comprise your company's human resources web site to another web server, you don't need to perform a MOVE operation for each page. Instead, you can use the MKCOL operation to create a collection that has these web pages as members. You can then use one MOVE operation to move this collection resource, members and all.
WebDAV also defines properties that provide data about a given resource. For example, a resource may include the following WebDAV properties, among others: author, creationdate, lastmodified, and lockdiscovery. (The lockdiscovery property enables you to find out if a particular feature is currently write-locked.) The value of these properties, such as the surname of a web page's creator, must be written in XML.
In addition, WebDAV defines two operations that allow you to use and manage these properties, the PROPFIND and PROPATCH operations. You can use the PROPFIND operation to retrieve the properties defined for a given resource, including collections. For example, you can use the PROPFIND operation on a collection of business forms to find the creation date of the collection and the creation date of each member (or business form) in that collection.
You can use the PROPATCH operation to add, change, or remove a value for any property that is defined on a given resource. For example, you can use PROPATCH to add the nameof a resource's author.
TICK TOCK THE GAME IS LOCKED
To prevent two or more people from editing a particular resource simultaneously (a practice that often results in lost edits), WebDAV also defines LOCK and UNLOCK operations. (However, WebDAV-compliant servers are not required to support LOCK and UNLOCK operations.) The LOCK and UNLOCK operations can allow your company's web server to control access to the resources running on it.
For example, a WebDAV-compliant server that supports the LOCK operation can require users to perform a LOCK operation before editing a resource running on that server. This server can also require users to perform an UNLOCK operation when their edits are completed. In other words, a WebDAV-compliant server can help ensure that a user cannot accidentally overwrite another user's edits.
If the WebDAV server supports exclusive or shared locks, a user or a group of users can also control write access to a resource by performing an exclusive or shared LOCK operation. (Novell's WebDAV-compliant server, the NetWare Enterprise Web Server, supports only exclusive locks.) For example, a group of authors could establish a shared lock on a collection of web pages for the maximum timeout period allowed by the web server. (The timeout period is the time after which a LOCK operation expires). These authors would then be the only users with permission to modify the pages in this collection and could then agree among themselves on a strategy to prevent accidental overwrites.
WebDAV-compliant servers that support LOCK operations assign a lock token to each user requesting to lock a resource. A lock token is a Uniform Resource Identifier (URI) that is "unique across all resources for all time." (See RFC 2518, p. 15.) Unlike a URL, which identifies an address where you can access a particular resource, a URI can be any string of alphanumeric characters that identifies a particular resource--including a URL.
For example, if a group of five users requests a shared lock on a folder that contains several web pages, the server would generate five lock tokens--that is, five unique strings of alphanumeric characters (one for each requesting user). The server would then generate a lockdiscovery property for the collection, to which it would add the five newly generated lock tokens as property values.
Finally, the server would return the lock tokens to the requesting users in its response to the LOCK operation request. Each of these five users would then have to submit his or her lock token with a request to modify a web page in this collection.
A PROTOCOL'S PROGRESS
As useful as WebDAV is now, it will be even more useful in the future. As the name of RFC 2518--"HTTP Extensions for Distributed Authoring--WEBDAV"--implies, and as the list of capabilities above confirms, WebDAV still lacks versioning capabilities. Versioning provides a means by which you can track the various versions of a project over time. The ability to track versions enables you to construct a project history that can, among other things, help you identify a change that resulted in an error so that you can quickly correct the error.
The IETF is currently working on Delta-V, an extension to the WebDAV protocol that will extend WebDAV to include project versioning. That is, Delta-V will address the V in WebDAV, enabling you to edit web resources and record important revisions to those resources, all on the web server. (For more information about Delta-V, visit http://www.webdav.org/deltav.)
A Web-based Distributed Authoring and Versioning (WebDAV) plug-in is installed automatically when you install NetWare Enterprise Web Server on NetWare 5.1. This plug-in enables you to take advantage of third-party web authoring tools that use the WebDAV protocol. For example, sitecopy, an open-source program that synchronizes file changes made on a workstation to a web server, uses WebDAV to communicate with that server. (For more information about sitecopy or to download its source code, visit http://www.lyra.org/sitecopy. For more information about third-party programs that use WebDAV, visit http://www.webdav.org/projects.)
The WebDAV plug-in for NetWare Enterprise Web Server also includes Novell Directory Services Distributed Authoring and Versioning (NDSDAV) to help you manage NDS eDirectory. To do this, NDSDAV uses several WebDAV operations, including the following:
PROPFIND enables you to read the properties associated with resources on your company's web server. For example, the properties associated with a web page may include the author of that page. (The WebDAV specification defines data and services on the web server as resources and also defines properties as data about those resources. For more WebDAV definitions, see p. 7 of Request For Comments [RFC] 2518 at http://www.ietf.org/rfc/rfc2518.txt.)
GET enables you to retrieve (or to open) a file from a web server.
POST enables you to save a file to a web server.
MOVE enables you to move a resource from one location to another.
COPY enables you to copy a resource from one location to another.
GET and POST are HTTP 1.1 operations. WebDAV extends HTTP 1.1 to include several new operations, including PROPFIND, MOVE, and COPY. (For more information about these and other WebDAV operations, see "A Grass Roots Effort.")
"You can't move or copy an NDS eDirectory object out of the NDS world into the file world. That doesn't make sense," Burton explains. "What does make sense as a drag-and-drop operation is to assign a trustee."
If you want to use Internet Explorer 5 or above to access resources at the root directory of NetWare Enterprise Web Server as web folders, your browser will issue a PROPFIND request. (For a detailed explanation of how to access resources at the root directory as web folders, see the "Got NetWare 5.1?" section of the main article on.) NDSDAV replies to this PROPFIND request by listing all of the files that are in the root directory as web folders, including the My Network web folder that NDSDAV creates.
The My Network web folder is a collection of web folders, including the web folders that represent your company's NDS tree and the Organizational Unit (OU) objects in that tree. When you click one of these web folders, your browser again issues a PROPFIND request. NDSDAV replies to this request by listing the container, Group, User, and Printer objects that reside in the part of the NDS tree that the web folder represents. For example, if you click on an Organizational Unit web folder, NDSDAV lists the Group and User objects in the OU object that the web folder represents. (See Figure 4.)
If you then click on a particular NDS object--such as a User object--in the list that NDSDAV creates, your browser makes a GET request. NDSDAV responds to this GET request by presenting an HTML form that represents that object. (See Figure 5.)
NDSDAV generates these forms from template files that contain HTML comment tags. NDSDAV uses these tags to retrieve attributes from NDS objects. For example, NDSDAV uses a comment tag to retrieve the distinguished name of an NDS object.
You can use these HTML forms to add or change the attributes associated with an object. For example, you can update the postal address associated with a User object. When you click Save to save these changes, your browser makes a POST request. NDSDAV replies to that request by taking the information in the request and writing that information to NDS eDirectory.
MOVE AND COPY
By default, NDSDAV interprets a MOVE or a COPY request from a browser as an ASSIGN TRUSTEE operation. ASSIGN TRUSTEE is an NDSDAV-specific operation that allows you to assign trustee rights to a web folder by dragging-and-dropping a User or Group object onto that folder. (WebDAV would normally interpret a drag-and-drop request from a browser as either a MOVE or COPY request. For more information about WebDAV MOVE and COPY requests, see the "What's in a Name?" section in "A Grass Roots Effort.")
"You can't move or copy an NDS eDirectory object out of the NDS world into the file world. That doesn't make sense," Burton explains. "What does make sense as a drag-and-drop operation is to assign a trustee."
For example, suppose you wanted a particular user, such as a department supervisor, to have trustee rights to all of the resources in his or her departmental web folder. To grant these trustee rights, you could drag-and-drop that supervisor's User object onto the departmental web folder. You could also drag-and-drop trustee rights to web folders using the Public and Private icons that NDSDAV creates in the My Network web folder.
* Originally published in Novell Connection Magazine
The origin of this information may be internal or external to Novell. While Novell makes all reasonable efforts to verify this information, Novell does not make explicit or implied claims to its validity.