We removed "FSU" from the "fsuEduVPNList" for everybody, since the employeeStatus covers everybody. The LDAP filter now used by mdsoti and mdsacns1 is:

(|(employeeStatus=Active)(fsuEduVPNList=FSU))

I've modified the FSU VPN "editor" page with the following "warning" paragraph so that folks are aware of this change in VPN authentication. I would prefer to keep the list of people who are manually given VPN access real small, as it's too easy to forget about it and allow people to have FSU VPN access long after they should.

Posted on http://fsuid.fsu.edu/fsuvpn:

"NOTE: As of 2/14/2006, the concentrator will now allow any active employee access to the FSU VPN. This means that manual addition/removal of FSUIDs is not required for employees. You can still use this utility to explicitly permit FSUIDs access to the FSU VPN, although it is better to use the employee status, as it will come and go automatically."

FWIW, the ERP VPN authentication used by the ERP Cisco VPN concentrator (managed at http://fsuid.fsu.edu/erpvpn) remains unchanged (explicit value of "fsuEduVPNList=ERP" and not all active employees).

-- Jeff