Thread:Extension talk:LDAP Authentication/Authenticate if member of a single group/reply (2)

First of all I'd like to say thanks for this awesome plugin, it works great and has saved me a great deal of time configuring users!

I was having the exact same issue when authenticating with my company's LDAP system. They have a massive LDAP implementation with many thousands of groups and employees. To retrieve all the groups a user is a member of takes about a minute. This is a long time and some people might think that the site is broken and give up if authentication takes this long. I created an hacky workaround that worked for me, hopefully it can help you out too.

This workaround/hack isn't complete or heavily tested, so keep that in mind. And there is probably a better way to do this for sure. For one it doesn't support checking Excluded LDAP groups yet (Although I plan to add that). For my purposes, which is checking to see if a user is a member of one (or more) required groups, it works fine. I am also thinking about adding another option to force the extension to check that a user is a member of ALL required groups. I'm not sure when I'd actually use this, but I just started thinking about it. Right now, if a user is a member of ANY of the required groups, they are successfully authenticated (Please correct me if I'm wrong in this assumption).

I added two options to turn on this functionality:

Following is the patch to LdapAuthentication.php. If you have trouble applying the patch, I can send you the updated file. Good luck!