Thanks for the responses.
There are no security errors on the AD box we are connecting
to, and I
am fairly confident that isn't the issue (I tested this
possibility
using a domain admin account as the manager proxy).
http://ingeniweb.sourceforge.net/Product
s/GroupUserFolder/doc/README-LDA
P.html seems to indicate in the 'Groups Support Info'
section that
adding groups should be supported though.
We are interested in this due to the division of roles in
our IT shop.
The Networking team manages Active Directory, and the web
team manages
authorization in what will soon be a rather large Plone
installation (we
will be looking at somewhere near 100 subdirectories with
unique
permissions).
While there are other solutions (request new groups from the
NIS team,
grant web team users limited access to AD, etc.) it would be
a bit more
elegant imo to use the zmi - which will be familiar - to
manage the
groups rather than accessing AD directly. This would seem
closest to the
default plone behavior, and would simply be swapping out
where the users
and groups are stored.
Christopher Emery
Information Technology Services
Central Piedmont Community College
704.330.6809
chris.emery cpcc.edu
-----Original Message-----
From: Alan Runyan [mailto:alanenfoldsystems.com]
Sent: Friday, April 07, 2006 12:18 PM
To: Chris Emery; setuplists.plone.org
Subject: RE: [Setup] LDAPUserfolder and Active Directory
groups
management
I do not believe that operation is supported.
Check your event logs on server to see if your getting a
security error.
This is probably not a good idea in the long term.
Alan
_______________________________________________
Setup mailing list
Setuplists.plone.org
http://
lists.plone.org/mailman/listinfo/setup
|