Re: [Mediawiki-l] LdapAuthentication Group Synchronization

[snip] This looks like your problem... The plugin is getting the group, but isn't getting the group's shortname (the cn), please set: $wgLDAPGroupNameAttribute = array( "SMP-INC"=>"cn" ); Also, MediaWiki seems to have an issue with long group names (more than 16 characters). It looks like your groups are ok, but it is something to watch out for in the future. This looks like a bug... In function getGroups change this line: $filter = "(&($attribute=" . $this->getLdapEscapedString($dn) . ")(objectclass=$objectclass))"; to: if ($dn != "*") { $dn = $this->getLdapEscapedString($dn); } $filter = "(&($attribute=" . $dn . ")(objectclass=$objectclass))"; I'll fix this tonight... [snip] These are the current effective user's groups for this user according to MediaWiki. The plugin will later check the AD groups to see if the user needs to be added/removed from a MediaWiki group. http://www.mediawiki.org/wiki/Extension_talk:LDAP_Authentication/archive 1#Group_Synchronization Ha. I wish I would have checked that link before I started tracing through my code :). This link fixes half of your problems, as a user mentioned that $wgLDAPGroupNameAttribute needed to be set. With that, the plugin would add users to MediaWiki groups, but the bug would probably cause the plugin to remove the user the next time they log in (and then add them the next time, and so on). I'm usually on freenode after 7:00pm cst. I can't access IRC from work. V/r, Ryan Lane