Today I switched the group membership of one person in Open Directory to change their external authentication account and thus their FileMakerÂ privilegeÂ set. Â The change did not take effect and the user retained theirÂ existingÂ privileges. I fixed the problem by using the command line directory service member utility.
The first thing I did was check group membership on the client machine by typing:
sudo dsmemberutil checkmembership -u 1234 -g 5678
You will need to replace 1234 with the user ID of the person you are testing and the 5678 with the group ID of which you are testing membership. Â If the user is not a member of the group, terminal will respond with
user is not a member of the group.
If the user is a member of the group, then terminal will respond with
user is a member of the group.
Perform this check on both the client machine and the FileMaker Server machine. Â If either gives information that is contrary to the current configuration of the user in Open Directory then you need to flush the directory cache. Â This can be accomplished by typing
You can run dsmemberutil checkmembership again to verify all is correct. Â FileMaker external authentication should work correctly when all machines see proper group membership.