The clue to why my 4.3.X plone groups panel was returning unusable encoded names from ActiveDirectory was within your description of why the objectguid cannot be used for user id attribute.
You might add a note in the installation instructions that this is also important for groups: to also use sAMAccountName to hook those up properly in plone. Took a lot of web searches for me to find the missing step.
This was tricky to resolve, because ZMI (and getGroups() from the lower acl_users level) presents the group names fine even using objectguid vs. the encoded problem in plone. A quick change to groupid_attr in Plone Active Directory plugin properties seems to have fixed it up.
I guess it also doesn't help that the user id attribute is configured separately from the group id attribute in ZMI, but the controls are there.
The clue to why my 4.3.X plone groups panel was returning unusable encoded names from ActiveDirectory was within your description of why the objectguid cannot be used for user id attribute.
You might add a note in the installation instructions that this is also important for groups: to also use sAMAccountName to hook those up properly in plone. Took a lot of web searches for me to find the missing step.
This was tricky to resolve, because ZMI (and getGroups() from the lower acl_users level) presents the group names fine even using objectguid vs. the encoded problem in plone. A quick change to groupid_attr in Plone Active Directory plugin properties seems to have fixed it up.
I guess it also doesn't help that the user id attribute is configured separately from the group id attribute in ZMI, but the controls are there.