I've heard that in NetWare 3.x and 4.x users can only inherit rights from a maximum of 32 groups.
Articles and Tips: qna
01 Jul 1999
Q.
Dear Ab-end: I've heard that in NetWare 3.x and 4.x users can only inherit rights from a maximum of 32 groups. Why is that, and is this limitation eliminated in NetWare 5 and NDS 8?
—Grappling with Groups
A.
Dear Grappling: According to Ahmas Sadeghpour of Novell, this limitation was indeed fixed in NetWare 5 and is also included in NDS 8.
As for why the limitation existed, here's a quick history. In the NetWare 3.x Bindery, a User object contains two properties that apply to security equivalences: GROUPS_IM_IN and SECURITY_EQUALS. The values that these properties point to are made up of one or more 128 byte segments, divided into 4-byte entries, allowing one segment to contain up to 32 groups or user objects. For example, if a user is made a member of 35 groups, the first 32 groups would be kept in the first segment and the last 3 groups would be kept in the second segment.
Therefore, the user would inherit rights only from the first 32 groups and not from the last 3 groups. Even if the user were removed from 3 of the first 32 groups, that user would still not inherit rights from the last 3 groups unless you ran the BINDFIX utility after the user was removed from the groups.
The same type of limit applies to NetWare 4.x users as they pertain to security equivalences. However, the information in Novell Directory Services is stored in 2-byte entries, so the maximum number of groups or user objects was increased from 32 to 64 in NetWare 4.x.
* Originally published in Novell AppNotes
Disclaimer
The origin of this information may be internal or external to Novell. While Novell makes all reasonable efforts to verify this information, Novell does not make explicit or implied claims to its validity.