Thread:Extension talk:LDAP Authentication/Group Synchronization not Functioning Properly

Been trying for a day and a half browsing through archived help here on this page and elsewhere, but still cannot find a resolution to this problem. Hoping some direct help can solve it.

AD Structure is:

    DOMAIN.DOMAIN.COM
    |-Accounts
    |  |-JohnsonA (Display Name Andrew Johnson)
    |-Accounts (Utility)
    |  |-Media Wiki (user)
    |-Wiki Groups
    |  |-Wiki SysOp
    |  |-Wiki Bureaucrat
 * -Branches
 * -Global Groups

Domain User accounts are hosted in 'Accounts'. Mediawiki Account is in 'Accounts (Utility)'. Wiki Groups are in 'Wiki Groups'.

LocalSettings.php:

    require_once( "$IP/extensions/LdapAuthentication/LdapAuthentication.php" );
    require_once( "$IP/extensions/LdapAuthentication/LdapAutoAuthentication.php" );
    $wgAuth = new LdapAuthenticationPlugin;
    $wgLDAPSearchAttributes = array( "DOMAIN"=>"sAMAccountName" );
    $wgLDAPUseLocal = false;
    $wgLDAPDomainNames = array('DOMAIN');
    $wgLDAPServerNames = array('DOMAIN' => 'SERVER1 SERVER2');
    $wgLDAPSearchStrings = array('DOMAIN' => 'DOMAIN\\USER-NAME');
    $wgLDAPAutoAuthDomain = "DOMAIN";
    list($dom,$userid)=split('[\]',$_SERVER['REMOTE_USER']);
    $wgLDAPAutoAuthUsername = $userid;
    $wgLDAPEncryptionType = array( "DOMAIN" => "clear" );
    $wgLDAPUseSSL = false;
    $wgMinimalPasswordLength = 0;
    AutoAuthSetup;
    # Enable LDAP

    $wgLDAPUseLDAPGroups = array( "DOMAIN"=>true );
    $wgLDAPGroupUseFullDN = array( "DOMAIN"=>true );
    $wgLDAPBaseDNs = array( "DOMAIN"=>"dc=DOMAIN,dc=DOMAIN,dc=com" );
    $wgLDAPGroupUseRetrievedUsername= array('AD' => true);
    $wgLDAPGroupObjectclass = array( "DOMAIN"=>"group" );
    $wgLDAPGroupAttribute = array( "DOMAIN"=>"member" );
    $wgLDAPGroupNameAttribute = array( "DOMAIN"=>"cn" );
    $wgLDAPGroupSearchNestedGroups = array( "DOMAIN"=>true );
    # Sync groups with AD

    $wgGroupPermissions['Wiki SysOp']['edit'] = true;
    $wgGroupPermissions['Wiki SysOp'] = $wgGroupPermissions['sysop'];
    $wgGroupPermissions['Wiki Bureaucrat']['edit'] = true;
    $wgGroupPermissions['Wiki Bureaucrat'] = $wgGroupPermissions['bureaucrat'];

Debug Results (I used JohnsonA because this is how the username is being formatted in the output. Not a real user.):

    2011-09-16 21:54:55 FFSB_Wiki: 1.2f Entering AutoAuthentication.
    2011-09-16 21:54:55 FFSB_Wiki: 1.2f User isn't logged in, calling setup.
    2011-09-16 21:54:55 FFSB_Wiki: 1.2f Setting domain as: DOMAIN
    2011-09-16 21:54:55 FFSB_Wiki: 1.2f Calling authenticate with username (JohnsonA).
    2011-09-16 21:54:55 FFSB_Wiki: 1.2f Entering authenticate for username JohnsonA
    2011-09-16 21:54:55 FFSB_Wiki: 1.2f
    2011-09-16 21:54:55 FFSB_Wiki: 1.2f
    2011-09-16 21:54:55 FFSB_Wiki: 1.2f Entering Connect
    2011-09-16 21:54:55 FFSB_Wiki: 1.2f Using TLS or not using encryption.
    2011-09-16 21:54:55 FFSB_Wiki: 1.2f Using servers:  ldap://SERVER1 ldap://SERVER2
    2011-09-16 21:54:55 FFSB_Wiki: 1.2f Connected successfully
    2011-09-16 21:54:55 FFSB_Wiki: 1.2f Entering getSearchString
    2011-09-16 21:54:55 FFSB_Wiki: 1.2f Doing a straight bind
    2011-09-16 21:54:55 FFSB_Wiki: 1.2f userdn is: DOMAIN\JohnsonA
    2011-09-16 21:54:55 FFSB_Wiki: 1.2f
    2011-09-16 21:54:55 FFSB_Wiki: 1.2f Entering getGroups
    2011-09-16 21:54:55 FFSB_Wiki: 1.2f Retrieving LDAP group membership
    2011-09-16 21:54:55 FFSB_Wiki: 1.2f Searching for the groups
    2011-09-16 21:54:55 FFSB_Wiki: 1.2f Entering searchGroups
    2011-09-16 21:54:55 FFSB_Wiki: 1.2f Entering getBaseDN
    2011-09-16 21:54:55 FFSB_Wiki: 1.2f basedn is not set for this type of entry, trying to get the default basedn.
    2011-09-16 21:54:55 FFSB_Wiki: 1.2f Entering getBaseDN
    2011-09-16 21:54:55 FFSB_Wiki: 1.2f basedn is dc=DOMAIN,dc=DOMAIN,dc=com
    2011-09-16 21:54:55 FFSB_Wiki: 1.2f User Filter: (&(distinguishedName=FFSB\5cJohnsonA)(objectclass=user))
    2011-09-16 21:54:55 FFSB_Wiki: 1.2f Search string: (&(member=FFSB\5cJohnsonA)(objectclass=group))
    2011-09-16 21:54:55 FFSB_Wiki: 1.2f No entries returned from search.
    2011-09-16 21:54:55 FFSB_Wiki: 1.2f Entering searchNestedGroups
    2011-09-16 21:54:55 FFSB_Wiki: 1.2f No more groups to search.
    2011-09-16 21:54:55 FFSB_Wiki: 1.2f Got the following nested groups:
    2011-09-16 21:54:55 FFSB_Wiki: 1.2f Entering checkGroups
    2011-09-16 21:54:55 FFSB_Wiki: 1.2f Entering getPreferences
    2011-09-16 21:54:55 FFSB_Wiki: 1.2f Entering synchUsername
    2011-09-16 21:54:55 FFSB_Wiki: 1.2f Authentication passed
    2011-09-16 21:54:55 FFSB_Wiki: 1.2f Entering getCanonicalName
    2011-09-16 21:54:55 FFSB_Wiki: 1.2f Username isn't empty.
    2011-09-16 21:54:55 FFSB_Wiki: 1.2f Munged username: JohnsonA
    2011-09-16 21:54:55 FFSB_Wiki: 1.2f User exists in LDAP; finding the user by name (Johnsona) in MediaWiki.
    2011-09-16 21:54:55 FFSB_Wiki: 1.2f Got id (3).
    2011-09-16 21:54:55 FFSB_Wiki: 1.2f User exists in local database, logging in.
    2011-09-16 21:54:55 FFSB_Wiki: 1.2f Entering updateUser
    2011-09-16 21:54:55 FFSB_Wiki: 1.2f Setting user groups.
    2011-09-16 21:54:55 FFSB_Wiki: 1.2f Entering setGroups.
    2011-09-16 21:54:55 FFSB_Wiki: 1.2f Locally managed groups is unset, using defaults:  bot::sysop::bureaucrat
    2011-09-16 21:54:55 FFSB_Wiki: 1.2f Available groups are:  bot::sysop::bureaucrat::Wiki SysOp::Wiki Bureaucrat
    2011-09-16 21:54:55 FFSB_Wiki: 1.2f Effective groups are:  bureaucrat::sysop::*::user::autoconfirmed
    2011-09-16 21:54:55 FFSB_Wiki: 1.2f Checking to see if user is in: bot
    2011-09-16 21:54:55 FFSB_Wiki: 1.2f Entering hasLDAPGroup
    2011-09-16 21:54:55 FFSB_Wiki: 1.2f Checking to see if we need to remove user from: sysop
    2011-09-16 21:54:55 FFSB_Wiki: 1.2f Entering hasLDAPGroup
    2011-09-16 21:54:55 FFSB_Wiki: 1.2f Checking to see if we need to remove user from: bureaucrat
    2011-09-16 21:54:55 FFSB_Wiki: 1.2f Entering hasLDAPGroup
    2011-09-16 21:54:55 FFSB_Wiki: 1.2f Checking to see if user is in: Wiki SysOp
    2011-09-16 21:54:55 FFSB_Wiki: 1.2f Entering hasLDAPGroup
    2011-09-16 21:54:55 FFSB_Wiki: 1.2f Checking to see if user is in: Wiki Bureaucrat
    2011-09-16 21:54:55 FFSB_Wiki: 1.2f Entering hasLDAPGroup
    2011-09-16 21:54:55 FFSB_Wiki: 1.2f Saving user settings.
    2011-09-16 21:54:55 FFSB_Wiki: 1.2f Entering NoLogout.

Mediawiki 1.17.0

PHP 5.3.6 (cgi-fcgi)

MySQL 5.5.15

I am able to authenticate and auto-create a user when accessing the site for the first time. The issue I'm having is that the groups are not syncing together. This code created the groups Wiki SysOp and Wiki Bureaucrat on the server, but they are not properly populating users in from Active Directory. Any help on this is greatly appreciated!
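
Added example (not part of the original post and not the extension's own code): Active Directory stores `member` and `distinguishedName` values as full DNs, while the debug output above shows both filters built from the straight-bind string `DOMAIN\JohnsonA`. This Python script decodes the logged filters and flags any DN-valued attribute compared against a non-DN value; the sample lines are constructed in the shape of the log above, and the function names are hypothetical.

```python
import re

# Constructed sample: lines in the same shape as the debug output in the post.
SAMPLE_LOG = r"""
2011-09-16 21:54:55 FFSB_Wiki: 1.2f userdn is: DOMAIN\JohnsonA
2011-09-16 21:54:55 FFSB_Wiki: 1.2f User Filter: (&(distinguishedName=FFSB\5cJohnsonA)(objectclass=user))
2011-09-16 21:54:55 FFSB_Wiki: 1.2f Search string: (&(member=FFSB\5cJohnsonA)(objectclass=group))
2011-09-16 21:54:55 FFSB_Wiki: 1.2f No entries returned from search.
"""

# Attributes whose values are DNs in Active Directory (compared lowercased).
DN_VALUED = {"member", "distinguishedname"}

# One RDN: attribute type, "=", then a value with no unescaped comma.
RDN = r"[A-Za-z][A-Za-z0-9-]*=(?:\\.|[^,\\])+"
DN_RE = re.compile(rf"^{RDN}(?:,\s*{RDN})*$")
FILTER_LINE = re.compile(r"(?:User Filter|Search string): (\(.*\))\s*$")
ASSERTION = re.compile(r"\(([A-Za-z][\w-]*)=([^()]*)\)")


def unescape_filter_value(value):
    """Decode RFC 4515 hex escapes in a filter value (\\5c is a backslash)."""
    return re.sub(r"\\([0-9A-Fa-f]{2})",
                  lambda m: chr(int(m.group(1), 16)), value)


def looks_like_dn(value):
    """True if value has the attr=value[,attr=value...] shape of a DN."""
    return bool(DN_RE.match(value))


def audit_filters(log_text):
    """Return (attribute, decoded value) pairs where a DN-valued attribute
    is compared against something that is not a DN."""
    findings = []
    for line in log_text.splitlines():
        m = FILTER_LINE.search(line)
        if not m:
            continue
        for attr, raw in ASSERTION.findall(m.group(1)):
            value = unescape_filter_value(raw)
            if attr.lower() in DN_VALUED and not looks_like_dn(value):
                findings.append((attr, value))
    return findings


if __name__ == "__main__":
    for attr, value in audit_filters(SAMPLE_LOG):
        print(f"{attr} is DN-valued but the filter compares it to {value!r}")
```

Both logged filters are flagged, which is consistent with the "No entries returned from search." line that follows them in the debug output.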