We're running into the Self Service bug with LDAP-user-scoped groups where policies sometimes return the "item is no longer available" error. This is causing a lot of issues with our technicians, since LDAP-gating is required for device provisioning and other security-sensitive policies.
I am looking into options to bypass LDAP scoping and restrict policies another way. Has anyone come up with a method to authenticate an AD user in a bash script? I just need to validate the user's credentials against AD, and the system is not bound to AD yet.
It’s not that you can’t validate against AD with a script. It’s that Self Service has no mechanism to receive input from stdout in the Terminal even if you could. You have to rely on the LDAP framework within the app to validate user accounts.
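For reference, an added example that is not part of the thread: one way a bash script on an unbound Mac can check a username and password against AD is an LDAP simple bind over LDAPS with `ldapsearch`. The server URI, domain and the `validate_ad_credentials` function name are placeholder assumptions, and how the script obtains the password is outside the example.

```shell
#!/bin/bash
# Added example: validate AD credentials with an LDAP simple bind.
# Assumptions (not from the thread): AD_URI and AD_DOMAIN are placeholders.
AD_URI="${AD_URI:-ldaps://dc.example.invalid}"
AD_DOMAIN="${AD_DOMAIN:-example.invalid}"
LDAPSEARCH="${LDAPSEARCH:-ldapsearch}"   # overridable so the check can be tested offline

# validate_ad_credentials USER PASSWORD
# Returns 0 = bind accepted, 1 = credentials rejected,
#         2 = input refused, 3 = any other failure (network, TLS, ...).
validate_ad_credentials() {
    local user="$1" pass="$2" pwfile rc
    # An empty password turns a simple bind into an "unauthenticated bind",
    # which a directory server may accept. Never treat that as a valid login.
    [ -n "$pass" ] || return 2
    # Accept only a plain account name; the domain suffix is added here.
    case "$user" in
        ''|*[!A-Za-z0-9._-]*) return 2 ;;
    esac
    # Hand the password over in a private temp file (-y) instead of -w,
    # so it never appears in the process list.
    pwfile="$(mktemp)" || return 3
    chmod 600 "$pwfile"
    printf '%s' "$pass" > "$pwfile"      # no trailing newline: -y reads the whole file
    rc=0
    # Bind as user@domain and read only the root DSE; the result is discarded,
    # only the bind outcome matters.
    "$LDAPSEARCH" -x -LLL -H "$AD_URI" -D "${user}@${AD_DOMAIN}" -y "$pwfile" \
        -b "" -s base "(objectClass=*)" 1.1 >/dev/null 2>&1 || rc=$?
    rm -f "$pwfile"
    case "$rc" in
        0)  return 0 ;;
        49) return 1 ;;                  # LDAP result code 49: invalid credentials
        *)  return 3 ;;
    esac
}
```

Keep the bind on `ldaps://` (or StartTLS) with certificate validation left on; a simple bind sends the password to the server as-is.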