Hey everyone, most likely I'm doing something wrong here but I wanted to start a discussion anyways.
I'm trying to synchronize groups from AD as described here:
However, in the debug log, I see that a user will be removed from groups if they are no longer a the synchronization gets to the hasLDAPGroup but returns false for every group.
The function is as follows:
    /**
     * Returns true if this group is in the list of the currently authenticated
     * user's groups, else false.
     *
     * @param string $group
     * @return bool
     * @access private
     */
    function hasLDAPGroup( $group ) {
        $this->printDebug( "Entering hasLDAPGroup", NONSENSITIVE );
        return in_array( strtolower( $group ), $this->userLDAPGroups["short"] );
    }
However, after searching the LDAPAuthentication.php file for $this->userLDAPGroups["short"], it seems that it never gets set. It should (from my understanding) be set in the getGroups function.
(I'm using memberOf)
Towards the end of the function:
    $groups = array( "dn" => array(), "short" => array() );
    foreach ( $memberOfMembers as $mem ) {
        array_push( $groups["dn"], strtolower( $mem ) );
    }
    $this->userLDAPGroups = $groups;
It seems like there should be some logic to extract the "short" name. Perhaps searching the dn for the cn entry and pushing that into "short".
Thanks
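
One way the extraction suggested in the post could look, as an added example (not code from the post or from LDAPAuthentication.php): it takes the leading CN of each memberOf DN, honouring escaped commas, and fills "short" so the in_array() test in hasLDAPGroup has something to match. The function names shortNameFromDn and buildUserGroups are hypothetical, the sample DNs are constructed, and it assumes group DNs begin with a CN component.

```php
<?php
// Added example: function names are hypothetical, sample DNs are constructed.

// Value of the leading CN= component of a DN, or null if the DN does not start with one.
function shortNameFromDn( string $dn ): ?string {
	$rdn = '';
	$len = strlen( $dn );
	for ( $i = 0; $i < $len; $i++ ) {
		$c = $dn[$i];
		if ( $c === '\\' && $i + 1 < $len ) {
			$rdn .= $c . $dn[++$i]; // keep the escape pair; "\," must not end the RDN
			continue;
		}
		if ( $c === ',' ) {
			break; // first unescaped comma ends the first RDN
		}
		$rdn .= $c;
	}
	$eq = strpos( $rdn, '=' );
	if ( $eq === false || strtolower( trim( substr( $rdn, 0, $eq ) ) ) !== 'cn' ) {
		return null;
	}
	// Decode "\XX" hex escapes and "\<char>" escapes in the value.
	$value = preg_replace_callback( '/\\\\([0-9A-Fa-f]{2}|.)/s', function ( $m ) {
		return strlen( $m[1] ) === 2 ? chr( hexdec( $m[1] ) ) : $m[1];
	}, substr( $rdn, $eq + 1 ) );
	return $value === '' ? null : $value;
}

// Fill both lists, lowercased the same way hasLDAPGroup() lowercases its argument.
function buildUserGroups( array $memberOfMembers ): array {
	$groups = array( "dn" => array(), "short" => array() );
	foreach ( $memberOfMembers as $mem ) {
		$groups["dn"][] = strtolower( $mem );
		$short = shortNameFromDn( $mem );
		if ( $short !== null ) {
			$groups["short"][] = strtolower( $short );
		}
	}
	return $groups;
}

$memberOf = array(
	'CN=Wiki Editors,OU=Groups,DC=example,DC=com',
	'CN=Ops\, EU,OU=Groups,DC=example,DC=com',
);
$groups = buildUserGroups( $memberOf );
var_dump( in_array( strtolower( 'Wiki Editors' ), $groups["short"] ) ); // same test as hasLDAPGroup()
print_r( $groups["short"] );
```

A CN is only unique within its container, so two groups with the same CN in different OUs end up with the same short name; the "dn" list is what still tells them apart.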