Then, at authentication time the $wgGroupPermissions array could be populated based on whether or not the user is in these groups like:
foreach ($myGroupMap as $mwGroup => $adGroup) { if (plexcel_is_member_of($adGroup)) { $wgGroupPermissions[$mwGroup] = ??? } }
It seems dynamically adding people to MW groups does not degrade the existing security mechansims of MW.
Of course the '???' part is a blur - are there any hooks for this sort of thing?
Are you trying to add a user to MediaWiki groups, or are you trying to add permissions to a group?
It looks like you are trying to add permissions. Why not instead synchronize the user's groups from AD, to MediaWiki? Then admins can assign permissions to LDAP groups via MediaWiki like they normally do.
See the LDAP Authentication plugin, specifically the "setGroups" function.
V/r,
Ryan Lane