bluesoul

Solved.

The issue was with the LDAP URI. I set it too tight, as security groups and users are in different OUs off of my base domain.

So, incorrect:

ldap://CN=ldap.bind,CN=Managed Service Accounts,DC=snip,DC=snip,DC=snip,DC=snip:password@domaincontroller/OU=Users,DC=snip,DC=snip,DC=snip,DC=snip

Correct:

ldap://CN=ldap.bind,CN=Managed Service Accounts,DC=snip,DC=snip,DC=snip,DC=snip:password@domaincontroller/DC=snip,DC=snip,DC=snip,DC=snip

[Wed Jun 01 14:15:46.594836 2016] [:error] [pid 13255] [client 172.17.6.54:49250] PHP Warning: ldap_search(): Search: Bad search filter in /{snip}/wp-content/plugins/authldap/ldap.php on line 190, referer: https://ogweb/wp-login.php
[Wed Jun 01 14:15:46.594878 2016] [:error] [pid 13255] [client 172.17.6.54:49250] [AuthLDAP] Exception getting LDAP group attributes: no result found, referer: https://ogweb/wp-login.php

EDIT: It turned into a real mess with double quotes:

[Wed Jun 01 14:15:46.594800 2016] [:error] [pid 13255] [client 172.17.6.54:49250] [AuthLDAP] Group Filter: “(&(objectclass=group)(member=\\\\\\”CN=snip,OU=snip,DC=etc\\\\\\”))”, referer: https://ogweb/wp-login.php

Yeah, I’ll redact a little bit.

[Wed Jun 01 13:41:59.014899 2016] [:error] [pid 14530] [client 172.17.6.54:64752] [AuthLDAP] Array\n(\n    [administrator] => \n    [editor] => \n    [author] => CN={snip},OU={snip},DC={snip},DC={snip},DC={snip},DC={snip}\n    [contributor] => \n    [subscriber] => \n)\n, referer: https://ogweb/wp-login.php
[Wed Jun 01 13:41:59.014936 2016] [:error] [pid 14530] [client 172.17.6.54:64752] [AuthLDAP] Array\n(\n    [administrator] => \n    [editor] => \n    [author] => CN={snip},OU={snip},DC={snip},DC={snip},DC={snip},DC={snip}\n    [contributor] => \n    [subscriber] => \n)\n, referer: https://ogweb/wp-login.php
[Wed Jun 01 13:41:59.014968 2016] [:error] [pid 14530] [client 172.17.6.54:64752] [AuthLDAP] Group Filter: "(&(objectclass=group)(member=CN={snip},OU={snip},OU={snip},OU={snip},OU={snip},DC={snip},DC={snip},DC={snip},DC={snip}))", referer: https://ogweb/wp-login.php
[Wed Jun 01 13:41:59.015457 2016] [:error] [pid 14530] [client 172.17.6.54:64752] [AuthLDAP] Role from LDAP group: , referer: https://ogweb/wp-login.php
[Wed Jun 01 13:41:59.015473 2016] [:error] [pid 14530] [client 172.17.6.54:64752] [AuthLDAP] role from group mapping: , referer: https://ogweb/wp-login.php
[Wed Jun 01 13:41:59.015484 2016] [:error] [pid 14530] [client 172.17.6.54:64752] PHP Notice:  no group found in /{{snip}}/wp-content/plugins/authldap/authLdap.php on line 302, referer: https://ogweb/wp-login.php
[Wed Jun 01 13:41:59.015500 2016] [:error] [pid 14530] [client 172.17.6.54:64752] [AuthLDAP] user is not in any group that is allowed access, referer: https://ogweb/wp-login.php

Of note, if I take the string it generates under Group Filter, and run it as an LDAP query through either ldifde or AD Users & Computers, I get the expected result of 13 security groups. But if I do a print_r($groups) all it returns is [count] => 0.

Looking through the code:

// Check whether the user is member of one of the groups that are
    // allowed acces to the blog. If the user is not member of one of
    // The groups throw her out! ;-)
    // If the user is member of more than one group only the first one
    // will be taken into account!

Is this correct? Only the first group to be returned will apply?

EDIT: $groups[‘count’] is also returning 0. $authLDAPGroupFilter looks correct, so the problematic point is $groups = authLdap_get_server()->search(sprintf($authLDAPGroupFilter, $username), array($authLDAPGroupAttr));. I will continue debugging with that in mind.

We’re very much on the same wavelength, I’ve tried both of those already with no change. $role is coming back empty, even though when I take the string from the debug output and run it, I get back 13 security groups.

Working with the plugin now, I can say the ! is not the culprit, I’m using a password with one and it has no trouble.

Issue persists. Any help would be appreciated.

Figured it out myself.

https://www.url.com/calendar/?ai1ec_tag_ids=N&action=ai1ec_month

I believe it sorted itself out, I haven’t touched it. It is on 1.4 currently, not 1.5. Sorry I can’t be more helpful.

Anyone?

I’m also having this issue with OptionTree not committing changes while ai1ec is activated. I can deactivate ai1ec, make my changes, and reactivate ai1ec for now.

Just a note for anyone else looking for this. The link above says it was included in 1.1.1 but it isn’t implemented until 1.2.4, so updating to that will give the feature above. It does look like if you want an event every 2nd and 4th Monday, to use the given situation, you need to make two events: One every 2nd Monday and one every 4th Monday.

Okay, looking at that page I see this snippet:

if( current_user_can( 'administrator' ) || current_user_can( 'editor' ) )
		{
			// User has privilege of seeing all published and private posts

			$post_status_where = "AND ( post_status = %s OR post_status = %s ) ";
			$args[]            = 'publish';
			$args[]            = 'private';

Appending another || current_user_can( 'contributor' ) gives the appropriate permission set for my use case, since the blog aspect of it is really not being used and the private posts are not necessary for anything else.

Thanks for the follow up, I now have the behaviors I need. Will be recommending your plugin to future clients!

Any ideas?

I’ve updated to 1.2.2 and now the problem is that draft events don’t show up in the widget or on the calendar page at all, even when logged in as an Admin. I see them in the “All Events” menu but that’s not going to be sufficient in this use case. Any other ideas?