[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: 10.4.3 nest AD groups in OD groups - FIX

Subject: Re: 10.4.3 nest AD groups in OD groups - FIX
From: Josh Wisenbaker <email@hidden>
Date: Wed, 30 Nov 2005 00:05:50 -0500
Delivered-to: email@hidden
Delivered-to: email@hidden


On Nov 29, 2005, at 10:56 AM, Justin Krisko wrote:

The reason I could read group membership in panther was because of the way it pulled down the group info directly and stored them in the ADGroupCache.plist - which ironically bypassed the security the AD admins had setup! Also interesting is that by default any user can read group membership of a domain admin - should have seen their faces when I showed them that :)

Good catch. I can't tell you how many people had nothing but heartache because of the old style GroupCache. We are going to be much better off with memberd.

I really should have worked all this out a lot sooner......


Heh. I think we can all say that about any number of things at work. :-)

Josh

--
Josh Wisenbaker, ACSA
http://www.afp548.com
Breaking my server to save yours.

--
Josh Wisenbaker, ACSA
http://www.afp548.com
Breaking my server to save yours.

_______________________________________________
Do not post admin requests to the list. They will be ignored.
Client-management mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/client-management/email@hidden

This email sent to email@hidden

References:
	>Re: 10.4.3 nest AD groups in OD groups - FIX (From: "Justin Krisko" <email@hidden>)

Prev by Date: Re: Applecare or Self-Repair
Next by Date: Re: One More Time on Forced Preferences
Previous by thread: Re: 10.4.3 nest AD groups in OD groups - FIX
Next by thread: RE: 10.4.3 nest AD groups in OD groups
Index(es):
- Date
- Thread

Home