Here is the LDAP_options section:

    $LDAP_options = array
    (
        'server' => 'abc.acme.com',
        'domain' => 'abc.acme.com',
        'search_attr' => 'uid',
        'group_attr' => 'memberof',
        'cache_refresh' => 300,
        'cache_retry' => 15,
        'cache_expiry' => 600,
    );

Authentication works fine. Just AD group membership is failing.

Tim Manochehri
Sr. Unix Systems Engineer
Bluedof California {EDH}
Desk: 916-350-8819
Cell: 916-203-5724
How am I doing? Send a note to my Boss
Please see our website for more info on SFTP related tasks.
http://www.myworkpath.com/sftp
**Internal use only**

Confidentiality Notice: This e-mail message, including attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message.

-----Original Message-----
From: racktables-users-bounce@xxxxxxxxxxxxx [mailto:racktables-users-bounce@xxxxxxxxxxxxx] On Behalf Of Manochehri, Tim
Sent: Thursday, August 11, 2011 9:33 AM
To: racktables-users@xxxxxxxxxxxxx
Subject: [racktables-users] Re: AD groups do not work for Write permission.

This is in our secret.php file.

    $user_auth_src = 'ldap';
    $require_local_account = FALSE;

So it's safe to say it is supposed to be Full LDAP. Both Authentication and Group Membership should work - correct?

-----Original Message-----
From: racktables-users-bounce@xxxxxxxxxxxxx [mailto:racktables-users-bounce@xxxxxxxxxxxxx] On Behalf Of Denis Ovsienko
Sent: Wednesday, August 10, 2011 10:37 PM
To: racktables-users@xxxxxxxxxxxxx
Subject: [racktables-users] Re: AD groups do not work for Write permission.

> Verified user is in the gs-netcool-noc Group name in AD. If I tag the
> user with the NOC Team group then login I get the write permissions. Untag it I can only view objects.
>
> Please advise...

The reason may be that the LDAP groups are not translated into "lgcn" autotags. In that case the Permissions handling code wouldn't have the input facts necessary to make the decision to "allow".

To check if the autotags are there, trigger a "permission denied" message for the user. Once there are no "lgcn" autotags in the dump, this means that LDAP group mapping is not configured (properly). In this case the following page should help:

https://sourceforge.net/apps/mediawiki/racktables/index.php?title=LDAP

--
Denis Ovsienko
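
The check described in the reply above, as an added PHP example that is not RackTables code and not from the thread: it derives the "lgcn" autotags one would expect from a user's memberof values and reports which are absent from the "permission denied" dump. It assumes each group autotag is named `$lgcn_` followed by the group's CN and that the dump is plain text; the function names, the memberof values and the dump text are constructed for illustration.

```php
<?php
// Added example, not RackTables code. Assumption: an LDAP group shows up in the
// "permission denied" dump as an autotag named '$lgcn_' followed by the group's CN.

// Return the CN of a memberof value, or null if the value does not start with CN=.
function groupCommonName(string $dn): ?string
{
    return preg_match('/^cn=([^,]+)/i', trim($dn), $m) ? trim($m[1]) : null;
}

// Autotags one would expect for the given memberof values.
function expectedAutotags(array $memberof): array
{
    $tags = array();
    foreach ($memberof as $dn) {
        $cn = groupCommonName($dn);
        if ($cn !== null) {
            $tags[] = '$lgcn_' . $cn;
        }
    }
    return array_values(array_unique($tags));
}

// Expected autotags that are absent from the dump text. Whole tokens are compared,
// so '$lgcn_noc' is not satisfied by '$lgcn_noc-admins'.
function missingAutotags(array $expected, string $dump): array
{
    preg_match_all('/\$lgcn_[^\s,;{}()\[\]]+/', $dump, $m);
    return array_values(array_diff($expected, $m[0]));
}

// Constructed sample input (group name and domain components taken from the thread).
$memberof = array(
    'CN=gs-netcool-noc,OU=Groups,DC=abc,DC=acme,DC=com',
    'CN=example-group,OU=Groups,DC=abc,DC=acme,DC=com',
    'OU=not-a-group-dn,DC=abc,DC=acme,DC=com',
);
$dump = 'SAMPLE_OTHER_TAG $lgcn_example-group';   // constructed dump text

$expected = expectedAutotags($memberof);
$missing  = missingAutotags($expected, $dump);

echo 'expected: ', implode(' ', $expected), PHP_EOL;
echo 'missing:  ', $missing ? implode(' ', $missing) : '(none)', PHP_EOL;
if ($missing === $expected) {
    echo 'No expected lgcn autotags in the dump: check the LDAP group mapping.', PHP_EOL;
}
```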