Users and Groups from Active Directory
I've been happily using Mindtouch 10.0.2's AD integration in a small business for months now, but noticed that whenever I register a new AD User in Mindtouch, I simply can NOT assign this user to an AD group. The group names coming from the AD are grayed out and unselectable.
Therefore it is strange, that I do see a few member users in the group management page.
If I click on the number of users link in this table, I also greeted with a 'Users cannot be set for external groups.' message on the upcoming user list.
This all sparked a few questions in my mind:
- What is the design principle behind using ActiveDirectory groups? What does MindTouch try to achieve with such groups?
- Why is it not possible to assign an AD user to an AD group if these two are from the same AD?
- Actually, why do one need to register a user in the first place if an AD group is already registered and I set the user as a member of this within ActiveDirectory?
Honestly, to me the most logical approach would be to allow the assignment of any AD user to any AD group as long as they both use the exact same authentication source.
Or, better yet, to allow not registering any particular user at all, only AD groups. Let ActiveDirectory decide whether the user trying to log in is a member (and therefore allowed to log in) to any registered groups or not.
Does anybody know why a new record I manually inserted into the user_groups table gets erased as soon as the particular user logs in / logs out? This renders my manual DB workaround to the above issue useless.
Many thanks to any insight!
Im having the exact same problem. I have been working with the same group of people fo about half a year now. And today new groups and new users ar starting to work on the wiki, but I can nt assign them to any group, they are all grayed-out. I can not remember how I did this with the first group of people. We did not do any upgrade at all.
Anybody an idea?
Sorry, skip the above post! I now found that, indeed you can not change a users group. But when I delete the old group from the group-list, add a new group, and the user logs in again: the user is automatically put in te new group. No problem.
Tags for this Thread