I'm trying to duplicate my eDir configuration in AD, and I'm running into some trouble with backend group configurations.
Does AD authentication have a restriction that backend groups have to point to actual group objects and can't point at OUs? Remembering to put every user into an extra group at creation time will be obnoxious, to say the least.
TIA,
Adam
- eDir and AD are mirrored, so both structures are the same.
- I have a Students backend group created on the ASG for eDir that points at the OU that contains all of my students, and the Filter Assignment using that group. Everything works fine.
- When I create a backend group for AD that points to the same OU, the proxy profile applies the fallback action, seemingly not recognizing any group membership.
- As a test, I added individual users to the backend group; no joy. (I think this is the same in eDir, however)
- If I add an actual AD group object to the backend group, it seems to works fine
Does AD authentication have a restriction that backend groups have to point to actual group objects and can't point at OUs? Remembering to put every user into an extra group at creation time will be obnoxious, to say the least.
TIA,
Adam