I have a scenario that involves users getting assigned to a pair of Drupal roles, and then group memberships for several groups, all controlled through OG. Users can either be in a basic group with very limited permissions or a moderator level group with a larger set of permissions. Everything is fine for the lower level users, the Drupal role gets assigned, and they also get assigned to all their groups. However, the moderators do not get assigned the OG group memberships unless I remove the Administer Organic groups permission from the second role.
Users in the moderator role get assigned to both the basic role, and the role with more permissions (which needs to provide Administer Organic groups). They should also be assigned to several groups in addition to the Drupal roles. Walking through the debugging messages, LDAP Authorize OG finds the list of groups correctly, but the users do not end up as members of the groups, it just seems to fail quietly. If I remove the offending permission, all group membership assignments happen properly.
I'm not completely sure this is an LDAP module issue, but since the group assignments should be handled here I'm opening the ticket here. If anyone can suggest steps to determine concretely if this is an OG or LDAP issue I'd be happy to do my part.