I'm having problems pulling group memberships from Active Directory, and I'm not sure where to look next.

AD is set up like:

DC=org,DC=local
    OU=Users1
        CN=User1
    OU=Users2
    OU=WebGroups
        CN=Group1

User accounts are authenticating/creating just fine. When I try to configure LDAPGroups to automatically assign roles it's very much not working. I have 2 options configured.

Groups are specified by LDAP attributes: enabled
Attribute Name: memberOf

and

Groups exist as LDAP entries where a multivalued attribute contains the members CN's: enabled
Nodes Containing Groups: CN=Group1,OU=WebGroups,DC=org,DC=local
Attribute Holding Group Members: member

I've taken Kreaper's suggestion of inserting a debug line in ldapgroups.module ( http://drupal.org/node/147824 ). When new users with group memberships in AD log in, the array comes up empty. Any suggestions on what my next step should be?

Thanks!

Comments

tech4him

This may be a stupid suggestion but have you tried using ONLY:

Groups are specified by LDAP attributes: enabled
Attribute Name: memberOf

and remove everything in "...multivalued attribute contains the member CN's"?

We got this working in an AD environment today; however, all users are in a single OU and we are bringing in all groups.

Far2Paranoid

That config was actually what I tried first, because it looked like people were having success with it. When I use those settings, users still authenticate fine, but no group memberships are found.

I'm not sure if it makes a huge difference, but not all of my users are in the same OU. They ARE all in the same domain, but not OU.
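
Added example, not part of the thread and not the ldapgroups module's code: a Python illustration of the two lookups the settings above describe, run over constructed entries that mirror the posted layout, so the two results can be compared for one user. User2, the attribute values and all function names are assumptions; in AD both memberOf and member hold full DNs.

```python
# Constructed directory snapshot mirroring the layout in the question.
# User2 and all attribute values are assumptions, not data from the thread.
RAW = {
    "CN=User1,OU=Users1,DC=org,DC=local": {
        "memberOf": ["CN=Group1,OU=WebGroups,DC=org,DC=local"]},
    # Hypothetical user whose entry comes back without memberOf.
    "CN=User2,OU=Users2,DC=org,DC=local": {},
    "CN=Group1,OU=WebGroups,DC=org,DC=local": {
        "member": ["cn=user1,ou=users1,dc=org,dc=local",
                   "CN=User2,OU=Users2,DC=org,DC=local"]},
}

def norm_dn(dn):
    """Lower-case and trim each RDN; AD compares DNs case-insensitively.
    Simplification: does not handle escaped commas inside a value."""
    return ",".join(part.strip().lower() for part in dn.split(","))

DIRECTORY = {norm_dn(dn): attrs for dn, attrs in RAW.items()}

def groups_from_attribute(user_dn, attr="memberOf"):
    """Option 1: read the group DNs listed on the user entry itself."""
    values = DIRECTORY.get(norm_dn(user_dn), {}).get(attr, [])
    return sorted(norm_dn(v) for v in values)

def groups_from_entries(user_dn, group_nodes, attr="member"):
    """Option 2: check each configured group entry for the user's full DN."""
    wanted = norm_dn(user_dn)
    found = []
    for node in group_nodes:
        members = DIRECTORY.get(norm_dn(node), {}).get(attr, [])
        if wanted in {norm_dn(m) for m in members}:
            found.append(norm_dn(node))
    return sorted(found)

def diagnose(user_dn, group_nodes):
    """Run both lookups; a mismatch shows which side returned nothing."""
    by_attr = groups_from_attribute(user_dn)
    by_entry = groups_from_entries(user_dn, group_nodes)
    return {"memberOf": by_attr, "member": by_entry, "agree": by_attr == by_entry}

if __name__ == "__main__":
    nodes = ["CN=Group1,OU=WebGroups,DC=org,DC=local"]
    for dn in ("CN=User1,OU=Users1,DC=org,DC=local",
               "CN=User2,OU=Users2,DC=org,DC=local"):
        print(dn, diagnose(dn, nodes))
```

In this example a bare CN such as `User1` never matches in option 2, because the constructed member values are full DNs, as they are in AD.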

johnbarclay

Status: Active » Closed (won't fix)

Closing 5.x issues to clean out issue queue.