Found it – argh – days later. Turns out that the role mapping between AD groups and WordPress groups is case sensitive…
Doesn't work:
AD_AdminGroup=Adminstrator;AD_EditorGroup=Editor;AD_SubscriberGroup=Subscriber.
Does work:
AD_AdminGroup=adminstrator;AD_EditorGroup=editor;AD_SubscriberGroup=subscriber.
Go figure, especially since the Dashboard sees it one way for the user counts, but not the other way for listing and editing, and obviously for setting permissions as well.
Hope this saves time for someone else…
J
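
Added example, not part of the original post and not the plugin's own code: a stand-alone PHP lint for a mapping string in the group=role;group=role form shown above, which flags role names that differ from a WordPress role slug only by case. The helper name lint_role_mapping, the hardcoded list of default role slugs and the sample string are assumptions made for illustration.

```php
<?php
// Added example: lint an AD-group-to-role mapping string for role names that
// do not match a WordPress role slug byte for byte.

// Default WordPress role slugs. On a live site, array_keys(wp_roles()->roles)
// returns the actual list, including any custom roles.
const DEFAULT_ROLE_SLUGS = ['administrator', 'editor', 'author', 'contributor', 'subscriber'];

/**
 * Hypothetical helper: returns a list of findings, empty when the mapping is clean.
 */
function lint_role_mapping(string $mapping, array $slugs = DEFAULT_ROLE_SLUGS): array
{
    $findings = [];
    foreach (explode(';', $mapping) as $pair) {
        $pair = trim($pair);
        if ($pair === '') {
            continue; // tolerate a trailing ';'
        }
        $parts = explode('=', $pair, 2);
        if (count($parts) !== 2 || trim($parts[0]) === '' || trim($parts[1]) === '') {
            $findings[] = "malformed entry: '$pair'";
            continue;
        }
        [$group, $role] = array_map('trim', $parts);
        if (in_array($role, $slugs, true)) {
            continue; // exact, case-sensitive match
        }
        $lower = strtolower($role);
        if (in_array($lower, $slugs, true)) {
            // The failure mode from the post: right role, wrong case.
            $findings[] = "$group: role '$role' differs only by case from slug '$lower'";
        } else {
            $findings[] = "$group: role '$role' is not a known role slug";
        }
    }
    return $findings;
}

// Constructed sample input using the group names from the post.
$sample = 'AD_AdminGroup=Administrator;AD_EditorGroup=editor;AD_SubscriberGroup=Subscriber';
foreach (lint_role_mapping($sample) as $finding) {
    echo $finding, PHP_EOL;
}
```

Running a check like this before saving the setting catches a group that would otherwise map to no usable role, which matters most for the administrator mapping.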