Fix FileMaker external authentication problems with dsmemberutil

Today I switched the group membership of one person in Open Directory to change their external authentication account and thus their FileMaker privilege set.  The change did not take effect and the user retained their existing privileges. I fixed the problem by using the command line directory service member utility.

My first advice is that you read the man page on the topic by typing into terminal man dsmemberutil and perhaps reading about FileMaker LDAP authentication as well.

The first thing I did was check group membership on the client machine by typing:

sudo dsmemberutil checkmembership -u 1234 -g 5678

You will need to replace 1234 with the user ID of the person you are testing and the 5678 with the group ID of which you are testing membership.  If the user is not a member of the group, terminal will respond with

user is not a member of the group.

If the user is a member of the group, then terminal will respond with

user is a member of the group.

Perform this check on both the client machine and the FileMaker Server machine.  If either gives information that is contrary to the current configuration of the user in Open Directory then you need to flush the directory cache.  This can be accomplished by typing

sudo dsmemberutil flushcache

You can run dsmemberutil checkmembership again to verify all is correct.  FileMaker external authentication should work correctly when all machines see proper group membership.

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.