Knowledge Base

inGOT Notification #010010

Delay in BorderManager Controlling Internet access

Information in this article applies to:

- inGOT v3.x and v4.x
- BorderManager versions only

Overview

inGOT controls user access to the Internet by adding user accounts to, or removing them from, an ‘Internet Access’ NDS group object (or multiple objects). The access control itself is enforced by the BorderManager rule set and the ACLCHECK NetWare Loadable Module (NLM). For example, if a DENY rule is set up in the BorderManager rule set that denies access to all users in an ‘Internet Deny Access’ NDS group, then when inGOT adds users to this group their Internet access will be blocked.

However, there can be a considerable delay between the time inGOT changes a user’s Internet access status (by adding them to or removing them from the ‘Internet Access’ NDS group) and the time BorderManager (via the ACLCHECK NLM) detects the change and actually changes the user’s access status. Until then, BorderManager continues to apply the user’s previous access status.

Solution

Novell have released a new version of the ACLCHECK NLM which has some additional run-time (command-line) switches. One of these is the ‘/G’ switch. When this switch is set, ACLCHECK checks a timestamp on all rule set group objects to determine whether the object has changed. If a change has occurred, ACLCHECK re-checks the rule set immediately.

There are some prerequisites for using this new version of the ACLCHECK NLM. Further information is available in Novell Technical Information Document (TID) number TID10065923 (section 3.1.4).

The link to this TID is: http://support.novell.com/cgi-bin/search/searchtid.cgi?/10065923.htm

For further clarification please contact the Liverton support team at .


Last Updated 12 February 2004

Copyright Liverton Ltd. ©2002