Thread:Extension talk:LDAP Authentication/Trouble with Group Restricted Login/reply (7)

I'm pretty sure your basedn is the problem. The way you have it configured, the extension is searching for the "Admin" user under "cn=it,ou=distribution lists,ou=exchange,ou=groups,ou=global head quarter,dc=domain,dc=tld", which is actually your group. You need to set the basedn to some part of your directory information tree that is higher in the tree than your user. For instance, if your user's DN was: "cn=Admin User,ou=users,ou=global head quarter,dc=domain,dc=tld", you'd want to set the basedn to: "ou=global head quarter,dc=domain,dc=tld".

Notice that above, I didn't use "ou=users,ou=global head quarter,dc=domain,dc=tld". When you set the basedn, it sets it for all searches. If you did that, when the extension later searched for the group, it wouldn't find it, because the group isn't under "ou=users", it is under "ou=groups". If for performance reasons you need to set these more explicitly, you can use "$wgLDAPGroupBaseDNs" and "$wgLDAPUserBaseDNs", which would be set like so:

Obviously, you need to change the above to fit your situation.
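The scoping rule described in this reply can be checked offline before touching the wiki configuration. The following is an added example, not part of the original reply or of the extension's code: it tests whether an entry falls under a candidate base DN and finds the deepest base that covers both the user and the group. The DNs are the ones quoted in the reply; the function names and the case-insensitive comparison are assumptions made for illustration.

```python
# Added example: DN scope checks for choosing an LDAP search base.
# Assumption: attribute types and values are compared case-insensitively,
# as is usual for cn/ou/dc.

USER_DN = "cn=Admin User,ou=users,ou=global head quarter,dc=domain,dc=tld"
GROUP_DN = ("cn=it,ou=distribution lists,ou=exchange,ou=groups,"
            "ou=global head quarter,dc=domain,dc=tld")

def _raw_rdns(dn):
    """Split a DN on commas, leaving backslash-escaped commas inside an RDN."""
    rdns, buf, escaped = [], [], False
    for ch in dn:
        if escaped:
            buf.append(ch)
            escaped = False
        elif ch == "\\":
            buf.append(ch)
            escaped = True
        elif ch == ",":
            rdns.append("".join(buf).strip())
            buf = []
        else:
            buf.append(ch)
    rdns.append("".join(buf).strip())
    return rdns

def _norm(rdn):
    """Normalize one RDN to a comparable (attribute, value) pair."""
    attr, _, value = rdn.partition("=")
    return attr.strip().lower(), value.strip().lower()

def is_under(dn, base):
    """True if a subtree search rooted at `base` can return the entry `dn`."""
    d = [_norm(r) for r in _raw_rdns(dn)]
    b = [_norm(r) for r in _raw_rdns(base)]
    return len(d) >= len(b) and d[len(d) - len(b):] == b

def common_base(dns):
    """Deepest DN that is an ancestor of every DN in `dns` ('' if none)."""
    suffix = []
    for column in zip(*(reversed(_raw_rdns(dn)) for dn in dns)):
        if len({_norm(r) for r in column}) != 1:
            break
        suffix.append(column[0])
    return ",".join(reversed(suffix))

if __name__ == "__main__":
    print("user found under group DN:", is_under(USER_DN, GROUP_DN))
    print("single base covering both:", common_base([USER_DN, GROUP_DN]))
```
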