|Project:||Lightweight Directory Access Protocol (LDAP)|
I noticed that the test passed for OG authorization, but when the user actually connects, the user is not added to the group.
Digging the code in ldap_authorization.inc, I noticed line 351 that the result of $consumer->availableConsumerIDs(); is different when the consumer is role or OG.
Case of Role:
... (Array, 2 elements)
role_name (String, 18 characters ) authenticated user
administrator (String, 13 characters ) administrator
Case of OG:
... (Array, 3 elements)
0 (String, 10 characters ) node:104:7
1 (String, 10 characters ) node:104:8
2 (String, 10 characters ) node:104:9
So the generated key doesn't correspond, therefore when used in $containers_needed_lcase = array_diff($grants_lcase, $consumer_containers_existing); it returns an empty array - $grants_lcase contains data with the form node:nid:og_rid or role_name.
This bug should be in the implementation of availableConsumerIDs() - I am working on it to provide a patch (not in diff format, sorry). I will post it in here.