When pulling groups based on an LDAP attribute (in this case 'memberOf'), LDAP groups is creates a multi-level array of these groups instead of a single. Because of this, the array_intersect() call in ldapgroups.module, when allowing only users with certain groups to authenticate, is not finding any intersection.

The array from AD:

Array
(
    [0] => Array
        (
            [0] => CN=xxx,OU=xxx,OU=xxx,OU=xxx,DC=xxx,DC=xxx,DC=edu
            [1] => CN=xxx1,OU=xxx,OU=xxx,OU=xxx,DC=xxx,DC=xxx,DC=edu
        )

)

The array from $groups_allow attempting to intersect with it:

Array
(
    [0] => CN=xxx,OU=xxx,OU=xxx,OU=xxx,DC=xxx,DC=xxx,DC=edu

)

I've removed the details obviously, but the problem is with having the extra array level. I can fix this by changing $groups_allow to $groups_allow[0] in my case, but is there a more universal solution?

Thanks,
Erik

Comments

miglius’s picture

Assigned: Unassigned » miglius
Status: Active » Postponed (maintainer needs more info)

Can you update the ldap_integration code to the latest dev version and try again? Some changes made two weeks ago might have fixed this as well.

miglius’s picture

Issue tags: +ldapgroups
erikwebb’s picture

Status: Postponed (maintainer needs more info) » Closed (fixed)

The newest version has fixed that issue. Thank you very much. Great work!