Tim,

It doesn’t look like your scheme gets access privileges from Windows Active Directory; instead you are getting them from your Users table. Is that correct? Do you also use 4D Users & Groups to define Groups to manage access to application features? So you don’t use the LDAP commands to get 4D Groups for the authenticated user?
The benefit of that is that the system administrators don’t need to know anything about how to edit 4D Users & Groups or update a custom User & Groups system (which appears to be your case).

Another question that comes to mind is why can't something similar to this work under MacOS? Isn’t there an LDAP equivalent for MacOS?

Tom Benedict

> On Jan 5, 2019, at 19:34, Tim Nevels via 4D_Tech <[email protected]> wrote:
>
> 4D SSO implementation boils down to a single command “Current client authentication”. Use that instead of “Current system user” command. This will give you a guaranteed Windows login name that has been authenticated via Windows Active Directory. This gives you reliable user identification.
>
> Once you have a user login name you can depend on — that’s what SSO and the “Current client authentication” command does for you — you can then check if that user login name is allowed into your database. In my case I just check for a record in the [Users] table.

**********************************************************************
4D Internet Users Group (4D iNUG)
Archive: http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub: mailto:[email protected]
**********************************************************************

