I'm using UCSD 5.2 and have setup LDAP integration to my Active Directory domain controllers (SSL, port 636). I'm getting a list of AD objects, I know that is working.
In our AD, users are in an OU named _Users and groups are in an OU named _Groups, both OUs are at the same level, so there are no user accounts in the _Groups OU and no groups in the _Users OU. I can specify a users OU in the Search Base and I see all the users listed in the Login Users tab and I can log in using a test user because it has automatically been allocated the 'Service End-User'.
Normally, in AD, we assign users to a specific group (like DOMAIN\UCS Portal Users) and would want to assign permissions using the AD groups. If I specify a Search Base of _Groups I can see the AD groups but I don't see the users any longer. I cannot login when I can't see the users.
What is the proper way for me to use the existing AD groups and allow several thousand users access to the UCSD user portal?