We're looking into supporting active directory groups...
Just wondering
Do you have nested groups in your active directory configuration?
In what way are you planning to support them?
Is this going to be a feature that we can apply racks based on group membership? If so, is it going to be a setting that can be applied in AD? I think this would be great!
Policy Manager is what we're looking at...
Groups would be a great addition to the ad connector or policy manager. Has anyone thought of trying to implement RADIUS authentication? Just a thought.
Keep up the good work :) I know you guys have been busting your asses this Q.
This would be greatly welcomed by large enterprise, especially school districts.
Yes, we do. Many!
Think of the schools. In our case 1 organisation, under which 5 schools, multiple departments per school.
Employees are divided into (one or more) groups based on department and function.
Students are divided into (one or more) groups based on year, department, classes, sub-classes.
Nested in that order, and subject to many changes and relocations during the course of a year.
This would be a much needed addition. I have our AD broken out in Staff then the students in groups based on graduating year. This would make it very helpful. Thanks.
Also consider Open Directory (Mac) or eDirectory (Novell) or iDirectory (IBM LDAP), using the method PROACTIVENS mentioned. I don't know if this would be relevant or not; it deals with setting up ISA Server to use this kind of authentication for proxy access.
http://technet.microsoft.com/en-us/l.../cc302562.aspx
http://www.securepoint.de/dokumente/...Settings-e.pdf
While you're looking at groups... consider OU as well.
Any time frame on Group implementation? I work for a school and want to give teachers and students different levels of content filtering. The problem is that it would be just too time-consuming to implement and maintain this by usernames only, and IP addressing won't work either because teachers and students often use the same computers.
-bj
While we're talking about the AD connector here, I think it would be worthwhile to at least contemplate the addition of other LDAP servers into the product. Mac and Linux LDAP, for example.
I have about 100 teachers and 400 students. While dealing with 100 usernames is not out of the question, Untangle doesn't even alphabetize them, so I have to filter through 500 random users just to try and locate "smithj"; times that by 100 and it is not worth the time. Plus I don't want to have to remember to add a user to the Untangle box every time our personnel changes.
-bj
P.S. I am doing a presentation on Untangle at the FOSSED conference in Maine this June. I know the question of whether teachers and students can have different policies will come up. As of now my response will be: unless the AD is less than 50 users it is probably not worth the time. I'd rather say it can be done with 2 check boxes.
Count me in, great idea. We use nested groups and some nested OUs.
Also, I really like the RADIUS idea.
We also use multiple levels of nested ad groups, and would like to see that support built into UT. As an EDU that would make UT hands down the ideal for our environment.
The UNTANGLE active directory support is completely useless to us without groups. Access to everything on our network is group based. For example the group "all students" is made up of groups yr9, yr10, yr11, yr12, yr13 and there could be 300-350 in each year group.
I purchased the AD connector a year ago thinking that group support was included... I couldn't even think of a scenario where I wouldn't use it.
Unfortunately it has been totally useless to me without it... so yes, I concur that group support, and to some degree OU, is totally essential.
Please add this feature ASAP. Critical!!!
I second this. :) When I was messing around with an LDAP program I was trying to use the Mac built-in diradmin account to query the LDAP users and it never worked. When I finally did the query as an anonymous account it worked.
I'm not sure if this helps the programmers or not, but thought I would add it.
Lannie
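Added example, not part of the thread and not Untangle code: a sketch of how a policy lookup could resolve the nested group layout described above ("all students" made up of year groups, staff nested by department) into one filtering policy per user. The directory data, group names, policy names and the most-restrictive-first precedence are all assumptions made for illustration.

```python
# Constructed sample directory: memberOf edges (member -> parent groups).
# Names follow the layout described in the thread; all are illustrative.
MEMBER_OF = {
    "smithj": ["Maths Dept"],
    "jonesa": ["yr9"],
    "browna": ["yr10", "Maths Dept"],   # student also placed in a staff group
    "yr9": ["all students"],
    "yr10": ["all students"],
    "Maths Dept": ["Staff"],
    "Staff": ["School 1 Employees"],
    "School 1 Employees": ["Staff"],    # circular nesting, which AD permits
}

# Hypothetical policy table, ordered most restrictive first (an assumption:
# a user in both a student and a staff group gets the stricter policy).
POLICY_BY_GROUP = [
    ("all students", "student-filter"),
    ("Staff", "staff-filter"),
]
DEFAULT_POLICY = "default-filter"


def effective_groups(principal, member_of=MEMBER_OF):
    """Return every group the principal belongs to, directly or via nesting."""
    seen = set()
    stack = list(member_of.get(principal, []))
    while stack:
        group = stack.pop()
        if group in seen:       # already expanded: stops loops on circular nesting
            continue
        seen.add(group)
        stack.extend(member_of.get(group, []))
    return seen


def policy_for(principal):
    """Pick the first (most restrictive) policy whose group the user is in."""
    groups = effective_groups(principal)
    for group, policy in POLICY_BY_GROUP:
        if group in groups:
            return policy
    return DEFAULT_POLICY       # unknown or ungrouped users get the default


if __name__ == "__main__":
    for user in ("smithj", "jonesa", "browna", "visitor"):
        print(user, sorted(effective_groups(user)), policy_for(user))
```

Against a live Active Directory the same transitive expansion can be requested from the server with the LDAP matching rule OID 1.2.840.113556.1.4.1941 on the `memberOf` attribute instead of walking the groups client-side.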