You're correct that IMAuth interfaces with AD via LDAP - for cross-platform compatibility reasons - but this doesn't inherently prevent it from doing what you're looking for. There are actually two problems:
1. The level of the tree in which IMAuth looks for users is fixed by the Base DN; it ignores nested items, as you guessed.
2. While IMAuth handles authentication, authorization is still performed by IM. When a completely new user authenticates via AD for the first time, a user entry is created for them in IM. This user is made a member of whatever group was specified in the 'Default Group' drop-down on the 'Use Remote Auth Server' dialog. Off-topic, the drop-down should exist right on the Users pane; it doesn't make sense for it to be on that separate dialog, and we'll be moving it. But what this means is that even if your nested users could authenticate, they would initially all be members of the default group, rather than the separate IM groups you've created to restrict access to the individual LANs. You would have to re-assign them individually.

So unfortunately it's not possible to do what you're looking for, but I will create enhancement requests for both of these, to bump them up on our development radar.

-----------
David Schnur
Dartware, LLC
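The two limitations described above, modelled in Python as an added example (not IMAuth or InterMapper code, and not part of the original post). It assumes the Base DN lookup behaves like an LDAP one-level search and contrasts it with a subtree search; all DNs, logins, group names and function names are constructed for illustration.

```python
# Added illustration, not IMAuth or InterMapper code. All DNs, logins and
# group names below are constructed sample data.
DIRECTORY = {
    "CN=Alice,OU=Staff,DC=example,DC=com": "alice",
    "CN=Bob,OU=LAN-A,OU=Staff,DC=example,DC=com": "bob",
    "CN=Smith\\, Carol,OU=LAN-B,OU=Staff,DC=example,DC=com": "carol",
}
BASE_DN = "ou=staff,dc=example,dc=com"

def parse_dn(dn):
    """Split a DN into lower-cased RDNs, keeping backslash-escaped commas."""
    parts, cur, escaped = [], "", False
    for ch in dn:
        if escaped or ch == "\\":
            cur, escaped = cur + ch, not escaped
        elif ch == ",":
            parts.append(cur.strip().lower())
            cur = ""
        else:
            cur += ch
    return parts + [cur.strip().lower()]

def in_scope(entry_dn, base_dn, scope):
    """LDAP scope test: 'onelevel' = direct children, 'subtree' = any depth."""
    entry, base = parse_dn(entry_dn), parse_dn(base_dn)
    depth = len(entry) - len(base)
    if depth < 0 or entry[depth:] != base:
        return False  # entry is not underneath the Base DN at all
    return depth == 1 if scope == "onelevel" else True

def find_user(login, scope):
    """Return the DN of the matching account inside the search scope, or None."""
    for dn, account in DIRECTORY.items():
        if account == login and in_scope(dn, BASE_DN, scope):
            return dn
    return None

def first_login(login, scope, im_users, default_group):
    """Model of the flow in the post (password check omitted): the directory
    lookup decides authentication, then a user new to the local table is
    created in the default group; an existing user keeps their group."""
    if find_user(login, scope) is None:
        return None  # not found under the Base DN: authentication fails
    return im_users.setdefault(login, default_group)

if __name__ == "__main__":
    table = {"alice": "LAN-A operators"}  # alice was assigned a group earlier
    for who in ("alice", "bob", "carol"):
        print(who, first_login(who, "onelevel", dict(table), "Default"),
              first_login(who, "subtree", dict(table), "Default"))
```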
