Thread:Extension talk:LDAP Authentication/RequiredGroups without DN/reply (2)

This is an unreliable and possibly insecure way of checking groups. It is possible to have two groups with the same name in different OUs. Most environments ensure unique group names, but not all do. This is something I simply won't implement. It isn't *too* difficult to find group DNs. I'd rather the extension be more difficult to configure than possibly open vulnerabilities for people with poorly configured directories.

I may add more documentation to make it easier to find group DNs, but the short answer to this feature request is no.