Jon,

I am not sure that we need the AD to do the authorization in LabKey.

I think what we'd like is to create a general user group in AD (i.e., labkeyusers), and then set up LabKey such that only those users could login. From there we would handle permissions within LabKey as usual.

As it stands now, *all* of our AD users can login to LabKey and create accounts, which, even though most won't have any permissions on projects, is not optimal.

Thanks for your help.

cheers,

bront