We are running IWP-hosted FileMaker databases from a server running OS 10.5. We are switching from internal to Open Directory external authentication for most users.

Is there any problem if users have identical accounts (same account name and password) in the external group and as internal accounts in a database? This has come up as a transition question, i.e. should we delete or disable the internal accounts as soon as we set up an external account for a given user.

The external group is set at the top of the account list in FileMaker so it should be first authentication used when someone logs in.

The external group is set at the top of the account list in FileMaker so it should be first authentication used when someone logs in.

I recommend you delete or disable the internal Accounts as you transfer them to external server authentication. The process doesn't work here in exactly the way you think it does. Although I can easily see why you think it would do so.

The authentication order refers to situations where an external account is in more than one group, not where there are identical accounts internally and externally. In the latter instance, IIRC, the internal account will be the one used.

You can easily test this by assigning the internal account to one privilege set and the Group with the same external account to a different privilege set. Then test for the active privilege set.

Steven