In my experience, if you do not specify the exact OU in your Base DN under the LDAP Users Configuration, LDAP will not be able to search child groups to import them into Drupal. This results in another issue: if you specify each OU and change from OU to OU in your settings in order to tie in all users located in your base DN, users under your other groups (not specified at the present time in your configuration) will remain blocked and not active.

Is there a way around this? Can you specify more than a single OU at a time in your configuration and have things working correctly?

The error I receive if I use the highest level for my BaseDN search is:
SimpleLdapException: Operations error in SimpleLdap::ldap_search() (line 1190 of C:\inetpub\wwwroot\drupal\sites\all\modules\simple_ldap\SimpleLdap.class.php).
The website encountered an unexpected error. Please try again later.

I therefore cannot log in after this occurs.

Comments

blc’s picture

I've been using multiple levels of LDAP nesting quite successfully. Be sure that the search scope is set to "Subtree".

Are you only seeing this while trying to do a manual import from LDAP? Doing an import is not necessary for authentication. A new Drupal account will be created for a user the first time that they successfully authenticate against LDAP.
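
The effect of the search scope mentioned in the comment above, as an added example that is not part of the original thread and does not use the simple_ldap module: a small Python model of LDAP base, one-level and subtree scope. The directory entries, DNs and function names are constructed for illustration.

```python
import re

# Constructed sample directory (not from the thread): users sit at
# different depths below the domain root.
DIRECTORY = [
    "OU=Staff,DC=example,DC=com",
    "CN=alice,OU=Staff,DC=example,DC=com",
    "OU=Contractors,OU=Staff,DC=example,DC=com",
    "CN=bob,OU=Contractors,OU=Staff,DC=example,DC=com",
    "OU=Students,DC=example,DC=com",
    "CN=carol,OU=Students,DC=example,DC=com",
]

def parse_dn(dn):
    """Split a DN into normalized RDNs (simplified: honours '\\,' escapes only)."""
    return [p.strip().lower() for p in re.split(r"(?<!\\),", dn) if p.strip()]

def in_scope(entry_dn, base_dn, scope):
    """True if a search at base_dn with this scope would consider entry_dn."""
    entry, base = parse_dn(entry_dn), parse_dn(base_dn)
    if len(entry) < len(base) or (base and entry[-len(base):] != base):
        return False                      # entry is not at or below the base
    depth = len(entry) - len(base)        # 0 = the base entry itself
    if scope == "base":
        return depth == 0
    if scope == "one":
        return depth == 1                 # immediate children only
    if scope == "sub":
        return True                       # base entry and all descendants
    raise ValueError("scope must be 'base', 'one' or 'sub'")

def find_users(base_dn, scope):
    """Return the CN= entries visible to a search with the given base and scope."""
    return [dn for dn in DIRECTORY
            if in_scope(dn, base_dn, scope) and parse_dn(dn)[0].startswith("cn=")]

if __name__ == "__main__":
    for base, scope in [("OU=Staff,DC=example,DC=com", "one"),
                        ("OU=Staff,DC=example,DC=com", "sub"),
                        ("DC=example,DC=com", "one"),
                        ("DC=example,DC=com", "sub")]:
        print(f"{scope:4} {base:30} -> {find_users(base, scope)}")
```

With a one-level scope, users in nested OUs are invisible unless the base DN points at their exact OU; with subtree scope, a single higher-level base DN covers them all.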

DACRepair’s picture

I am having the same issue. I am running PHP 5.5.1 Latest w/IIS7 Windows Server Enterprise 2008 R2.

php_ldap is enabled.
