laminas / laminas-authentication

provides an API for authentication and includes concrete authentication adapters for common use case scenarios
https://docs.laminas.dev/laminas-authentication/
BSD 3-Clause "New" or "Revised" License

Verify group membership #5

Open weierophinney opened 4 years ago

weierophinney commented 4 years ago

I'm trying to implement the multi-server LDAP authentication mentioned in the docs. The thing is, the auth process is flawless, but when adding group to the options parameters I get this:

[0] => Account is not a member of the specified group
[1] => Failed to verify group membership with (&(&(cn=grpTest)(grpTest=CN=Hamed Okhovvat,OU=IT,DC=Domain,DC=local))(objectClass=groupOfUniqueNames))

Is there any recommendation to verify group membership? Thanks a lot in advance.


Originally posted by @iHamex at https://github.com/zendframework/zend-authentication/issues/24

TobyDahmen commented 4 months ago

I had problems with this today too (same error as above). After some trial and error I came up with this solution (workaround?).

When creating the LDAP Adapter, I used these options:

<?php

use Laminas\Authentication\Adapter\Ldap;

// Each top-level key ('ad' here) is one server option set; the adapter tries them in order.
$authAdapter = new Ldap([
    'ad' => [
        'host' => '<MyADHost>',
        'accountDomainName' => '<MyDomain>',
        'baseDn' => '<MyBaseDn>',
        'group' => '<The group to check>',
        'groupFilter' => 'objectClass=group',  // <=== AD group objects have objectClass "group", not "groupOfUniqueNames"
        'memberAttr' => 'member',  // <=== AD keeps member DNs in "member", not "uniqueMember"
    ],
]);

This creates the following LDAP filter:

(&(&(cn=<The group to check>)(member=<DN of the user>))(objectClass=group))

If I do not set groupFilter and memberAttr this LDAP filter is used:

(&(&(cn=<The group to check>)(uniqueMember=<DN of the user>))(objectClass=groupOfUniqueNames))

I confess, I do not know enough about LDAP to say why my solution gives me the expected result while the default options do not.
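Editor's note: to make the difference between the two filters above concrete, here is a stand-alone Python model of how the membership filter is assembled from the adapter's options and then evaluated against a group entry. This is an added example written for this thread, not code from laminas-authentication or from either commenter. The option names (group, groupAttr, groupFilter, memberAttr, memberIsDn) are the adapter's and the defaults reproduce the two filters quoted above; the user DN is the one from the first post, while the username, the AD-style group entry and the option sets are constructed sample data; the value escaping follows RFC 4515 and is written here independently rather than taken from laminas-ldap.

```python
"""Stand-alone model of the group-membership filter built from the adapter's
options.  Added illustration, not laminas-authentication code; option names
match the adapter, defaults reproduce the filters quoted in this thread,
escaping follows RFC 4515 section 3."""

from __future__ import annotations

# RFC 4515 section 3: characters that must be escaped in an assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# Adapter defaults; these yield the groupOfUniqueNames filter seen in the thread.
DEFAULTS = {
    "groupAttr": "cn",
    "groupFilter": "objectClass=groupOfUniqueNames",
    "memberAttr": "uniqueMember",
    "memberIsDn": True,
}

# Constructed sample data (DN taken from the error in the first post).
USER_DN = "CN=Hamed Okhovvat,OU=IT,DC=Domain,DC=local"
USERNAME = "hokhovvat"  # hypothetical account name, only used when memberIsDn is False
AD_OPTIONS = {"group": "grpTest", "groupFilter": "objectClass=group", "memberAttr": "member"}
DEFAULT_OPTIONS = {"group": "grpTest"}
# Minimal constructed Active Directory group object: objectClass "group", members in "member".
AD_STYLE_GROUP = {
    "cn": ["grpTest"],
    "objectClass": ["top", "group"],
    "member": [USER_DN],
}


def escape_filter_value(value: str) -> str:
    """Escape a value so it cannot inject extra clauses into the filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_group_filter(options: dict, user_dn: str, username: str) -> str:
    """Return (&(&(<groupAttr>=<group>)(<memberAttr>=<user>))(<groupFilter>))."""
    opts = {**DEFAULTS, **options}
    if not opts.get("group"):
        raise ValueError("'group' option is required for a membership check")
    member = user_dn if opts["memberIsDn"] else username
    combined = (
        f"(&({opts['groupAttr']}={escape_filter_value(opts['group'])})"
        f"({opts['memberAttr']}={escape_filter_value(member)}))"
    )
    group_filter = opts["groupFilter"]
    if group_filter:
        if not group_filter.startswith("("):
            group_filter = f"({group_filter})"  # a bare attr=value gets wrapped
        combined = f"(&{combined}{group_filter})"
    return combined


def _values(entry: dict, attr: str) -> list[str]:
    """Attribute names are case-insensitive in LDAP; look one up accordingly."""
    for key, vals in entry.items():
        if key.lower() == attr.lower():
            return vals
    return []


def _has(entry: dict, attr: str, value: str) -> bool:
    return any(v.lower() == value.lower() for v in _values(entry, attr))


def entry_matches(entry: dict, options: dict, user_dn: str, username: str) -> bool:
    """Evaluate the three AND-ed clauses of the filter against one group entry.

    Simplification: groupFilter must be a single 'attr=value' equality, which is
    all the adapter default and the AD override in this thread need."""
    opts = {**DEFAULTS, **options}
    member = user_dn if opts["memberIsDn"] else username
    if not _has(entry, opts["groupAttr"], opts["group"]):
        return False
    if not _has(entry, opts["memberAttr"], member):
        return False
    group_filter = opts["groupFilter"].strip("()")
    if group_filter:
        attr, sep, value = group_filter.partition("=")
        if not sep or not _has(entry, attr, value):
            return False
    return True


if __name__ == "__main__":
    for label, opts in (("AD override", AD_OPTIONS), ("adapter defaults", DEFAULT_OPTIONS)):
        print(label, build_group_filter(opts, USER_DN, USERNAME))
        print("  matches AD-style group:", entry_matches(AD_STYLE_GROUP, opts, USER_DN, USERNAME))
```

Run against the constructed AD-style group, the override produces the filter from the comment above and matches, while the defaults produce the groupOfUniqueNames filter and fail, because the entry has neither objectClass groupOfUniqueNames nor a uniqueMember attribute. The escaping step is the part worth keeping in mind for any custom check: the group name and the member value are placed inside the filter as assertion values, so they must be escaped rather than concatenated raw.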