AD authentication is working fine for me, but since the “Employees” and “Groups” OUs are siblings, I went through a little creative search filtering to get only real users (equivalent of in the “Employees” OU) and groups with people in the search results–and it still doesn’‘t work 100%. Here’'s what I have:
I tried using search filters like this:
(&(objectClass=group)(ou:dn=employees))
But it completely failed. Any ideas?