Title: Wrong Group-filter Last modified: July 2, 2018 --- # Wrong Group-filter * [graminou](https://wordpress.org/support/users/graminou/) * (@graminou) * [7 years, 11 months ago](https://wordpress.org/support/topic/wrong-group-filter/) * Dear all, * I’ve been messing around and a lot to achieve correct group mapping, and I think I’ve unsuccessfully tried every possible combianation… * I’m trying to log with a user testwpediteur which belongs to wpediteur group. I’ve mapped Editor with wpeditor in configuration. * Here is what says error.log : - testwpediteur logging in - about to do LDAP auuthentication - connect to LDAP server - LDAP authentication successfull - Array\n( … [editor] => wpediteur\n …)\n - Group filter : “(&(objectClass=groupOfNames)(member=uid=%s,ou=people,dc=annuaire. prepasbio,dc=org))” - LDAP Groups : [] - Role from LDAP Group : , - Role from group mapping: , - No group found in … * So far, the connection part is OK, but, clearly, my Group filter is not the good one, and I’m looking for the magic formula. * When I search ldap from my server, here is what I code: * ``` ldapsearch -LLL -D "uid=XXX,ou=people,dc=annuaire.prepasbio,dc=org" -W -b "dc=annuaire.prepasbio,dc=org" "(&(objectClass=groupOfNames)(member=uid=testwpediteur,ou=people,dc=annuaire.prepasbio,dc=org))" cn ``` * and what I get: * ``` dn: cn=membresupa,ou=groups,dc=annuaire.prepasbio,dc=org cn: membresupa dn: cn=wpediteur,ou=groups,dc=annuaire.prepasbio,dc=org cn: wpediteur ``` * Last bytes in the configuration screen: - I’ve checked “LDAP Groups override role of existing users?” - Group-Attribute: cn - Groue filter : (&(objectClass=groupOfNames)(member=uid=%s,ou=people,dc=annuaire. prepasbio,dc=org)) - Editeur : wpediteur * I hope there’s enough matter for anyone to guess the magic formula : many thnaks for people’s help ! Best regards, JMarc Viewing 8 replies - 1 through 8 (of 8 total) * Plugin Author [heiglandreas](https://wordpress.org/support/users/heiglandreas/) * (@heiglandreas) * [7 years, 11 months ago](https://wordpress.org/support/topic/wrong-group-filter/#post-10455338) * Hey [@graminou](https://wordpress.org/support/users/graminou/) * As far as I see it you want to use a DN as filter. So you could also use the `% dn%`-placeholder instead of creating the DN for yourself. So you could rewrite your current group-filter like this: * `(&(objectClass=groupOfNames)(member=%dn%))` * Perhaps that does already solves the issue? * If not, I’d need some more input, but let’s talk about that when this solution doesn’t work. * Cheers * Andreas * Thread Starter [graminou](https://wordpress.org/support/users/graminou/) * (@graminou) * [7 years, 11 months ago](https://wordpress.org/support/topic/wrong-group-filter/#post-10455554) * Thanks for such a quick support ! * Un fortunatly, this does notwork either. Here’s the log part : - same thing as above, down to group mapping - Group Filter: “(&(objectClass=groupOfNames)(member=uid=testwpediteur,ou=people, dc=annuaire.prepasbio,dc=org))” - LDAP groups: [] - Role from LDAP group: - user is not in any group that is allowed access * Still get : ` # ldapsearch -LLL -D “uid=admin_login,ou=people,dc=annuaire.prepasbio, dc=org” -W -b “dc=annuaire.prepasbio,dc=org” “(&(objectClass=groupOfNames)(member =uid=testwpediteur,ou=people,dc=annuaire.prepasbio,dc=org))” cn * Enter LDAP Password: * dn: cn=membresupa,ou=groups,dc=annuaire.prepasbio,dc=org cn: membresupa * dn: cn=wpediteur,ou=groups,dc=annuaire.prepasbio,dc=org cn: wpediteur * So I should get in logs : - LDAP groups: [membresupa, wpediteur] * Arrrh, it seems to be so close : frustrating ! ;o) * Do you need any further datas ? Cheers, JMArc * Thread Starter [graminou](https://wordpress.org/support/users/graminou/) * (@graminou) * [7 years, 11 months ago](https://wordpress.org/support/topic/wrong-group-filter/#post-10455561) * Sorry for the missing code tag… my message is a mess… * Plugin Author [heiglandreas](https://wordpress.org/support/users/heiglandreas/) * (@heiglandreas) * [7 years, 11 months ago](https://wordpress.org/support/topic/wrong-group-filter/#post-10456836) * Sorry for the delay. * Can you provide me with an excerpt of how your group looks like? Like the output of this command? * `ldapsearch -LLL -D “uid=admin_login,ou=people,dc=annuaire.prepasbio,dc=org” - W -b “dc=annuaire.prepasbio,dc=org” “(&(objectClass=groupOfNames)(member=uid= testwpediteur,ou=people,dc=annuaire.prepasbio,dc=org))”` * Feel free to anonymize the content but I’d need to know what attributes with what kind of value are available. * Also: What did you configure as Group-Attribute? * Cheers * Andreas * Thread Starter [graminou](https://wordpress.org/support/users/graminou/) * (@graminou) * [7 years, 11 months ago](https://wordpress.org/support/topic/wrong-group-filter/#post-10457355) * Thanks for replying so fast, Andreas ! * Here’s some sigificant excerpt of the output (I have 500 members in the output…): * ``` dn: cn=membresupa,ou=groups,dc=annuaire.prepasbio,dc=org objectClass: groupOfNames objectClass: gosaGroupOfNames description: Groupe des membres UPA gosaGroupObjects: [U] cn: membresupa member: uid=admin_login,ou=people,dc=annuaire.prepasbio,dc=org member: uid=testeur,ou=people,dc=annuaire.prepasbio,dc=org (... other 500 memebrs of this group...) member: uid=testwpediteur,ou=people,dc=annuaire.prepasbio,dc=org dn: cn=wpediteur,ou=groups,dc=annuaire.prepasbio,dc=org objectClass: groupOfNames objectClass: gosaGroupOfNames cn: wpediteur description:: R3JvdXBlIGRlcyBtZW1icmVzIGF1dG9yaXPDqXMgw6Agw6lkaXRlciBkdSBjb250 ZW51IHN1ciBsZSBibG9n gosaGroupObjects: [U] member: uid=testwpediteur,ou=people,dc=annuaire.prepasbio,dc=org member: uid=XXX,ou=people,o=Champollion,o=GRENOBLE,dc=annuaire.prepasbio,dc= org member: uid=arnaud,ou=people,ou=Phys.chimie,dc=annuaire.prepasbio,dc=org ``` * For Group-attribute, I’ve put : cn * Thanks for all ! JMarc * Plugin Author [heiglandreas](https://wordpress.org/support/users/heiglandreas/) * (@heiglandreas) * [7 years, 11 months ago](https://wordpress.org/support/topic/wrong-group-filter/#post-10457407) * Hm… * Thanks for the update. It looks like everything is as it should be. * Which means, that you seem to have found a bug. Congratulations on that! 😉 * Now let’s see how to fix that. I assume you are using version 2.0.3 of the authLdap- plugin. * Can you add the following code to line 517 of the file authLdap.php? * `authLdap_debug(print_r($groups, true));` * After that there should be some more output in the error-log. Would you mind sending me that? If you like per PM to authldap AT heigl DOT org * Thread Starter [graminou](https://wordpress.org/support/users/graminou/) * (@graminou) * [7 years, 11 months ago](https://wordpress.org/support/topic/wrong-group-filter/#post-10457425) * Call me Mr. Jourdain : I’m a bugtracker who ignores he’s one ;o) * I actually use 2.0.3 version. Cool ! * See you in MP Cheers, JMarc * Thread Starter [graminou](https://wordpress.org/support/users/graminou/) * (@graminou) * [7 years, 11 months ago](https://wordpress.org/support/topic/wrong-group-filter/#post-10458155) * (Have you received mail MP ?) Viewing 8 replies - 1 through 8 (of 8 total) The topic ‘Wrong Group-filter’ is closed to new replies. * ![](https://s.w.org/plugins/geopattern-icon/authldap.svg) * [authLdap](https://wordpress.org/plugins/authldap/) * [Frequently Asked Questions](https://wordpress.org/plugins/authldap/#faq) * [Support Threads](https://wordpress.org/support/plugin/authldap/) * [Active Topics](https://wordpress.org/support/plugin/authldap/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/authldap/unresolved/) * [Reviews](https://wordpress.org/support/plugin/authldap/reviews/) * 8 replies * 2 participants * Last reply from: [graminou](https://wordpress.org/support/users/graminou/) * Last activity: [7 years, 11 months ago](https://wordpress.org/support/topic/wrong-group-filter/#post-10458155) * Status: not resolved