Thank you for the quick reply.
I also have a question about the posix groups.
To create a user in ds, the idm-console has a form which is quite easy. I can also use this to create "Groups", but they are not unix groups. I assume these are simply to keep organized all the users.
To add a unix group i have to create->new->other, and choose posix group. Then i manually pick the gidnumber. It does not seem to matter where i place this posix group. My first thought is that it is going to get very messy trying to keep track of each users posixgroup.
secondly, does this seem like a good plan for authentication structure below.
UnixGroups
\- all posix groups here.
People
\- Vendors
\- CompanyA
\- CompanyB
\- Staff
\- Accounting
\- SysAd
\- Development
\- YadaYada.
But then how would i say users in companyb can only login to some hosts?