LDAP logins tied to a standard user account?

Is there a way to bind all LDAP users logging into a machine to a standard user account on the computer? Is there a login script available anywhere on how to set this up? We have been using a default refresh directory from the standard user template folder so that our students have the same user experience when logging in to a computer. We utilize both login and logout scripts currently that are hidden on the computers to refresh the user's directory once a new student logs in. The issue with SIP being enabled is we have not been able to get this to work since Apple has locked down the default user template folder in Mojave. Our refresh script does not work unless we disable SIP and then it works fine. We'd like to keep SIP enabled on our computers. Any help on this would be greatly appreciated.


What does your script look like? Have you tried to comment out portions of it to determine specifically which part might be causing the issue?