• I am very happy with this plugin so far!!! I got it to work in a few minutes only. The only thing that puzzles me is why I cannot get the role to group mapping working.

    First, a question about two different settings. I am not sure how to interpret them because they look similar (but they aren’t, of course):
    – Map LDAP Groups to wordpress Roles? Search LDAP for user’s groups and map to WordPress Roles.
    – LDAP Groups override role of existing users? If role determined by LDAP Group differs from existing WordPress User’s role, use LDAP Group.

    The first is whether role-group mapping should be executed in the first place. If so, I would suggest presenting this option under the Groups for Roles section (lower on the settings page).
    Enabling the second option is probably what caused my administrator account to be degraded to Contributor instead of having the administrator role? Am I correct?

    I am using the plugin with an Active Directory. I figured out the settings to have it authenticate to my Active Directory. It wasn’t clear to me in the beginning that I needed to specify an account in the LDAP URI to be able to bind to the AD in the first place. Figured that out.

    Now I want to match some WordPress roles to groups in Active Directory. I specified the following in the settings:
    Group-Base: left empty
    Group-Attribute: cn (because I expect cn values of groups to be specified further down)
    Group-Separator: left empty, so it defaults to comma
    Group-Filter: (&(objectClass=group)(member=%dn%))

    In the list of roles I configured three groups that exist in the Active Directory:
    Administrator: Portal administrators
    Internal: Internal accounts
    External: External accounts

    When I log in with a user who’s a member of the Active Directory group ‘Internal accounts’, the user is created in WordPress but it is only assigned the default role ‘Contributor’ and not the role ‘Internal’.

    I also tried the Group-Filter with (&(objectClass=groupOfNames)(member=%dn%)) but that attribute does not exist in AD, so I expect that the above mentioned group filter is correct?

    I also tried to find how the debug option works for this plugin but I did not find that so far. Any help is appreciated and I am confident it will work, just need to know what I am overlooking. I don’t know if no groups are retrieved from AD or if the groups are not correctly matched.

Viewing 1 replies (of 1 total)
  • Thread Starter Paul Distel

    (@pauldistel)

    Even with the setting ‘LDAP Groups override role of existing users?’ disabled, roles assigned to an AD user are removed and only Contributor is assigned. No clue yet why…
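
An added example, not part of the thread and not the plugin's own code: a Python model of how the settings listed in the first post could combine, useful for checking by hand whether a lookup fails at the filter stage or at the name-matching stage. The function names, the sample DN, the most-privileged-first ordering and the rule that an existing role is kept when no group matches are all assumptions made for illustration.

```python
# Added illustration, not authLDAP plugin code; all names here are hypothetical.
GROUP_FILTER = "(&(objectClass=group)(member=%dn%))"  # Group-Filter from the post
ROLE_MAP = {  # role -> group cn list, ordered most privileged first (assumption)
    "Administrator": "Portal administrators",
    "Internal": "Internal accounts",
    "External": "External accounts",
}

def escape_filter_value(value):
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def build_group_filter(template, user_dn):
    """Substitute the user's DN for %dn% without letting it alter the filter."""
    return template.replace("%dn%", escape_filter_value(user_dn))

def resolve_role(group_cns, role_map=ROLE_MAP, separator=",",
                 default_role="Contributor", existing_role=None, override=False):
    """Pick a role from the Group-Attribute (cn) values the group search returned."""
    member_of = {cn.strip().lower() for cn in group_cns}  # AD compares cn case-insensitively
    mapped = None
    for role, groups in role_map.items():
        wanted = {g.strip().lower() for g in groups.split(separator) if g.strip()}
        if wanted & member_of:
            mapped = role
            break
    if existing_role is not None:
        # Assumed policy: an existing user changes role only when a group
        # actually matched AND the override setting is enabled. An empty
        # search result never downgrades an account.
        return mapped if (mapped and override) else existing_role
    return mapped or default_role  # new user: fall back to the least-privileged default

if __name__ == "__main__":
    # Constructed DN: the escaped comma and the parentheses must be escaped again
    # for the filter, otherwise the search is malformed or returns no groups.
    dn = "CN=Smith\\, John (Ext),OU=Users,DC=example,DC=test"
    print(build_group_filter(GROUP_FILTER, dn))
    print(resolve_role(["Internal accounts", "Domain Users"]))
    print(resolve_role([], existing_role="Administrator", override=True))
```

Comparing the printed filter and the cn values from a manual directory search against this model shows whether no groups were returned or whether returned names simply did not match the configured ones.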

  • The topic ‘Role – Group mapping not working’ is closed to new replies.