Ryan, you're right, I had already looked at dscl, dseditgroup and
their ds* brethren but I don't think I would be able to add additional
AD users or groups to my existing OD groups without knowing their
OSXS-generated GeneratedUID to add to NestedGroups at the very least.
Thanks for the suggestion, I think I may have to look at a third party
tool like ADmitMac or Likewise Enterprise to accomplish this.
Pepijn.
On May 29, 2008, at 12:26 PM, Ryan S. Johnston wrote:
I feel your pain. This is a gripe I've had with WGM for a while
now. There are scripts available in the wild and the dscl command
that can help you achieve this from the command line. I've done it
with 10.4 not sure if much has changed in 10.5. afp548.com is a good
resource to check out for information on this. However I do wish WGM
performed a little better, in our distributed environment I have
admins that won't even consider using the system if they can't use
the GUI. :-(
Ryan S. Johnston
CISS Systems
Illinois State University
Julian Hall 153
Campus Box 3430
Normal, IL 61790
309.438.3919
Pepijn Bruienne wrote:
All,
I'm trying to find a workaround for the standard 1000 record limit
AD imposes on LDAP searches as performed by WGM as I trudge along
the path to implementing the sacred Golden Triangle. My XServe is
running a freshly installed and updated 10.5.3 as of this morning
but this particular issue has been around since 10.5 and probably
before that.
As most of you know AD out of the box has a self-imposed 1000-record
limit per page for any search, as defined by MaxPageSize. My AD
admins have already made it clear they are not willing to up the
default MaxPageSize number so I must come up with something on my
end. This wouldn't be as big a deal if WGM would either implement
paging or perform a fresh search on the entire LDAP DB with my
fairly narrowly defined query which in my particular case is "all
groups that have 'Mac' in their name" which when run in the "AD
Users and Groups" tool on Windows returns less than 50 records.
Instead WGM seems to pull a random 1000 records on which it then
appears to perform the search. I say "appears" since typically none
or only a few of the records I am looking for are among this
1000-record range when manually scanning through the list and thus
searches come up mostly empty or incomplete. Has anyone figured out
a way to either have WGM perform a "fresh" search or better, come up
with a way to implement paging as supported by AD? I am not going to
be able to add all my needed AD users and groups to their
appropriate OD groups if I can't pull them up using the WGM search,
unless there is a manual method of adding AD users to OD groups by
GUID or somesuch. Any insight would be much appreciated.
TIA,
Pepijn.
---
Pepijn Bruienne
Mac OS X Systems Administrator
email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Macos-x-server mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/macos-x-server/email@hidden
This email sent to email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Macos-x-server mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/macos-x-server/email@hidden
This email sent to email@hidden
---
Pepijn Bruienne
Mac OS X Systems Administrator
email@hidden
