strongloop / loopback-component-passport

LoopBack passport integration to support third party logins and account linking

ms-ad not getting all groups user is memberOf #267

Closed rajkaran closed 4 years ago

rajkaran commented 6 years ago

I am not sure if this qualifies as a bug.

Below is my providers.json

{
  "ldap": {
    "provider": "ldap",
    "authScheme":"ldap",
    "module": "passport-ldapauth",
    "authPath": "/auth/ldap",
    "successRedirect": "/auth/account",
    "failureRedirect": "/ldap",
    "failureFlash": true,
    "session": false,
    "profileAttributesFromLDAP": {
        "givenName": "givenName",
        "familyName": "sn",
        "username": "sAMAccountName",
        "email": "mail",
        "groups": "memberOf"
    },
    "server":{
      "url": "",
      "bindDn": "",
      "bindCredentials": "",
      "searchBase": "",
      "searchAttributes": ["cn", "mail", "samaccountname", "givenname", "memberof", "sn", "objectGUID"],
      "searchFilter": "(samaccountname={{username}})"
    }
  }
}

This is a snippet from passport-configurator.js (line 145):

    // support groupSearch results
    if (ldapAttrName === '_groups') {
      profile[profileAttrName] = [].concat(user[ldapAttrName]);
    } else {
      profile[profileAttrName] = [].concat(user[ldapAttrName])[0];
    }

As you can see, in searchAttributes I do not have _groups, and we do not use this in our AD installation; instead of _groups we have memberOf. Due to this if condition, we never get the complete memberOf array.

Can memberOf be added to this condition?
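
The truncation reported above, shown as an added example that is not part of this thread or of the project's code: `mapAsQuoted` reproduces the quoted condition, and `mapLdapProfile` keeps every value of a configurable set of multi-valued attributes, so a group-based authorization check sees all memberships instead of only the first. The function names, the `MULTI_VALUED` set, the case-insensitive lookup and the sample entry are assumptions made for illustration.

```javascript
// Added example; not code from loopback-component-passport.
// LDAP attributes kept as arrays (compared case-insensitively).
const MULTI_VALUED = new Set(['_groups', 'memberof']);

// LDAP attribute names are case-insensitive, so look the key up that way.
function getAttr(user, name) {
  const key = Object.keys(user).find(k => k.toLowerCase() === name.toLowerCase());
  return key === undefined ? undefined : user[key];
}

// mapping has the shape of profileAttributesFromLDAP: { profileAttr: ldapAttr }.
function mapLdapProfile(user, mapping, multiValued = MULTI_VALUED) {
  const profile = {};
  for (const [profileAttr, ldapAttr] of Object.entries(mapping)) {
    const raw = getAttr(user, ldapAttr);
    // [].concat(undefined) yields [undefined], so treat absence explicitly.
    const values = raw === undefined || raw === null ? [] : [].concat(raw);
    profile[profileAttr] = multiValued.has(ldapAttr.toLowerCase())
      ? values      // every value; [] when the user has no memberships
      : values[0];  // single-valued attribute: first value or undefined
  }
  return profile;
}

// The behaviour of the snippet quoted in the issue, for comparison.
function mapAsQuoted(user, mapping) {
  const profile = {};
  for (const [profileAttr, ldapAttr] of Object.entries(mapping)) {
    const all = [].concat(user[ldapAttr]);
    profile[profileAttr] = ldapAttr === '_groups' ? all : all[0];
  }
  return profile;
}

// Constructed sample entry and mapping (not taken from a real directory).
const sampleUser = {
  sAMAccountName: 'jdoe',
  mail: 'jdoe@example.com',
  memberOf: [
    'CN=App-Users,OU=Groups,DC=example,DC=com',
    'CN=App-Admins,OU=Groups,DC=example,DC=com',
  ],
};
const sampleMapping = { username: 'sAMAccountName', email: 'mail', groups: 'memberOf' };

console.log(mapAsQuoted(sampleUser, sampleMapping).groups);    // one DN string
console.log(mapLdapProfile(sampleUser, sampleMapping).groups); // array of both DNs
```

The `[].concat` normalization also covers an entry whose `memberOf` arrives as a single string rather than an array, which then maps to a one-element array.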

Tyler-RCSD commented 5 years ago

Yes! I am having the exact same issue!

ermakovov commented 5 years ago

@virkt25, @jannyHou, @b-admike, @dhmlau,

Please see the appropriate pull-request: #272

stale[bot] commented 4 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

stale[bot] commented 4 years ago

This issue has been closed due to continued inactivity. Thank you for your understanding. If you believe this to be in error, please contact one of the code owners, listed in the CODEOWNERS file at the top-level of this repository.