In 10.3 I used to be able to drag users from our active directory
(via LDAP) into open directory groups with WGM. Now in 10.4 we talk
to the AD with the AD plugin and I can't add AD users to OD groups.
The + sign in the green circle appears when I drag them over but
nothing actually gets added to the group.
I haven't been able to try with the LDAP plugin instead as there is a
bug in the way it talks to large AD setups (we have >100k users).
Does anyone know if this should work or not... If I manually add the
user's short name to the GroupMembers attribute, the system seems to
think they are a member (the groups command returns the appropriate
groups) but this isn't really an option for us.
The only thing we use user groups for is controlling who can log on
to certain machines so I can write a loginhook that will check a list
somewhere but it was quite elegant under 10.3 and I'd llike to have
it work the same way if possible.
Any thoughts welcome,
-geoff
______________________________________
Geoff Lee <email@hidden>
Computing Support, Architecture
School of Arts, Culture and Environment
University of Edinburgh
20 Chambers St,
Edinburgh, Scotland,
EH1 1JZ
Tel: +44 (0)131 650 8020
______________________________________
