4 Replies Latest reply: May 10, 2013 2:42 AM by Simon Slavin
C Waltner Level 1 Level 1

Hello,

 

I want to assign certain network users the ability to login via browser to the profile manager for 10.8.x server and add/remove other users from user groups.  Think teachers managing their class rosters, if the class was a group and the users their students.  I do not want any other admin funtionality beyond that for them.

 

Suggestions?

  • Simon Slavin Level 4 Level 4

    You currently do this in Workgroup Manager, using the 'Privileges' tab.  It works the way you want it to work, but I don't know of a way of doing it in Profile Manager.

     

    http://support.apple.com/kb/DL1567

  • MrHoffman Level 6 Level 6
    expertise.macosx
    Mac OS X

    An app accessing LDAP could be coded to do this for you, too.  Could well be implemented as a web app via authenticated https, or something that's installed on the instructors' iOS (or OS X or Windows or Linux...) devices and connects to the domain from there.  If your kids are old enough, corral a few of your more code-savvy ones and hand them this project.  (They'd probably have a blast learning how to do this, too.)

  • C Waltner Level 1 Level 1

    Thanks for the information.  Looking at my 10.7 Lion servers, I see what you are referencing in Workgroup Manager.  However, on my testbed 10.8 Mountain Lion server, I'm only getting Full and None as options for administrative levels.  Has the Limited option and subsequant suboptions been dropped in 10.8 or did I either incorrectly import my user list or setup the OD in some fashion?

     

    Can anyone confirm that they have Limited as an admin priviledge level on a 10.8 server?

  • Simon Slavin Level 4 Level 4

    Well thank you for being so polite.  Yes, on looking on my 10.8 server, I have the same thing.  How annoying.  I have no idea how to answer your question.  If the management abilities are no longer in Workgroup Manager then there's a change that the server doesn't pay any attention to the settings, so manually changing settings in LDAP won't have any effect either.

     

    At least I can verify that it's not just you who gets that result.  I wonder what happened and how we're meant to do this now.