- Bug
- Resolution: Fixed
- Minor
- 1.4.4
- None
- Solaris
- Any
- MOODLE_14_STABLE
- MOODLE_16_STABLE
In the function, auth_ldap_isgroupmember, in auth/ldap/lib.php, the search filter is invalid. The following filter is an example:
(&(uid=username_here)(/(uniqueMember=cn=group_name_here)))
Obviously, you need to search for the group that contains the user that is authenticating. The following is an example of a correct filter:
(&(uniqueMember=uid=username_here,ou=some,o=company.com)(/(cn=group_name_here)))
The following is the output of a diff of a corrected lib.php:
— lib.php.org Fri Mar 11 11:02:27 2005
+++ lib.php Fri Mar 11 11:37:23 2005
@@ -391,25 +391,26 @@
$ldapconnect = auth_ldap_connect();
$ldapbind = auth_ldap_bind($ldapconnect);
+ $user_dn = auth_ldap_find_userdn($ldapconnect, $username);
if (empty($username) OR empty($groupdns))
{ return false; }+
$groups = explode(;,$groupdns);
//build filter
- $filter = (& ($CFG->ldap_user_attribute=$username)(/;
+ $filter = (& ($CFG->ldap_memberattribute=$user_dn)(/;
foreach ($groups as $group){
$group = trim($group);
if(!empty($group))
{ - $filter .= ($CFG->ldap_memberattribute=$group); + $filter .= ($group); }}
$filter .= ));
//search
$result = auth_ldap_get_userlist($filter);
return count($result);
}
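Review bot: The added lookup line, $user_dn = auth_ldap_find_userdn($ldapconnect, $username); sits above the empty($username) check and its result is never tested, so an empty or unknown username still triggers a directory lookup and can produce a filter whose member value is empty. Move the lookup below the empty check and return false when $user_dn is empty. $user_dn and $group are also concatenated into $filter unescaped; a value containing "(", ")", "*" or "\" changes the structure of the filter, so escape them as filter values first. Finally, the change to $filter .= ($group) means each $groupdns entry must now be an attr=value clause rather than a group DN, which breaks existing settings that hold DNs and is not documented anywhere in the patch.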
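The corrected filter shape described in the report, built with filter-value escaping, as an added example that is not Moodle's code or the reporter's patch. The helper names, the fixed `cn` group attribute and the sample values are assumptions made for illustration; `|` is the LDAP OR operator from RFC 4515.

```php
<?php
// Added example: hypothetical helpers, not code from auth/ldap/lib.php.

// Escape a value for use inside an LDAP search filter (RFC 4515):
// backslash, '*', '(', ')' and NUL are replaced by \XX hex pairs.
function example_escape_filter_value(string $value): string
{
    return strtr($value, [
        '\\' => '\\5c',
        '*'  => '\\2a',
        '('  => '\\28',
        ')'  => '\\29',
        "\0" => '\\00',
    ]);
}

// Build "(&(<memberAttr>=<user DN>)(|(cn=<group>)...))" from a user DN and
// a ';'-separated list of group names. $memberAttr is assumed to come from
// trusted configuration. Returns null when there is nothing valid to search
// for, so the caller can treat that as "not a member".
function example_group_member_filter(string $memberAttr, string $userDn, string $groupNames): ?string
{
    if ($userDn === '') {
        return null; // user DN lookup failed: no filter, no match
    }
    $clauses = '';
    foreach (explode(';', $groupNames) as $group) {
        $group = trim($group);
        if ($group !== '') {
            $clauses .= '(cn=' . example_escape_filter_value($group) . ')';
        }
    }
    if ($clauses === '') {
        return null;
    }
    return '(&(' . $memberAttr . '=' . example_escape_filter_value($userDn) . ')(|' . $clauses . '))';
}

// Constructed sample input, following the report's example values.
$dn = 'uid=username_here,ou=some,o=company.com';
echo example_group_member_filter('uniqueMember', $dn, 'staff; admins'), "\n";
// A group name with filter metacharacters stays a literal value.
echo example_group_member_filter('uniqueMember', $dn, 'R&D (EMEA)*'), "\n";
```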