Thread:Extension talk:LDAP Authentication/Active Directory group synchronization problems

Hey everyone, most likely I'm doing something wrong here but I wanted to start a discussion anyways.

I'm trying to synchronize groups from AD as described here:

http://www.mediawiki.org/wiki/Extension:LDAP_Authentication/Options#Synchronizing_LDAP_groups_with_MediaWiki_security_groups

However in the debug log, I see that a user will be removed from groups if they are no longer a the synchronization get's to the hasLDAPGroup but returns false for every group.

The function is as follows:

/** * Returns true if this group is in the list of the currently authenticated * user's groups, else false. * * @param string $group * @return bool * @access private */ function hasLDAPGroup( $group ) { $this->printDebug( "Entering hasLDAPGroup", NONSENSITIVE ); return in_array( strtolower( $group ), $this->userLDAPGroups["short"] ); }

However after searching the LDAPAuthentication.php file for "$this->userLDAPGroups["short"]", it seems that it never gets set. It should (from my understanding) be set in the getGroups function.

(I'm using memberOf)

towards the end of the function:

$groups = array( "dn" => array, "short" => array ); foreach ( $memberOfMembers as $mem ) { array_push( $groups["dn"], strtolower( $mem ) ); } $this->userLDAPGroups = $groups;

It seems like there should be some logic to extract the "short" name. Perhaps searching the dn for the cn entry and pushing that into "short".

Thanks