authad doesn't seem to retrieve any group info from ActiveDirectory.
I'm using authad on my production wiki. Users can log in fine - I've even got Kerberos SSO working, which was a bit of a challenge - but ?do=check always says "You are part of the groups", which I interpret to mean that I'm not in any groups.
Using ldapsearch at the command line, I can use my adminuser credentials to pull AD info, including group membership:
ldapsearch -v -x -h adserver.mydomain.priv -D admin.user -W -b "DC=mydomain,DC=priv" -s sub "(cn=*)" cn mail sn | tee ~/ldap.txt
gives:
# extended LDIF
#
# LDAPv3
# base <DC=mydomain,DC=priv> with scope subtree
# filter: (cn=*)
# requesting: cn mail sn
#
Plenty of normal-looking LDAP stuff, then here's a user in our Support AD group - I'm testing ACL access with this user, and I'd expect DW to report that it is a member of the Support group:
# Some User, Support, Users, Recipients, mydomain.priv
dn: CN=Some User,OU=Support,OU=Users,OU=Recipients,DC=mydomain,DC=priv
cn: Some User
sn: User
mail: Some.User@mydomain.com
More normal-looking LDAP stuff, and it ends like this, still looking OK to me:
# search reference
ref: ldap://DomainDnsZones.mydomain.priv/DC=DomainDnsZones,DC=mydomain,DC=priv
# search result
search: 2
result: 0 Success
# numResponses: 1320
# numEntries: 1318
# numReferences: 1
Of course, this is edited/redacted, but hopefully gives some idea that the admin user can retrieve AD info.
As group membership is really, really useful for configuring ACL, this is something I need to solve. I'm at the point where I'm hacking dbglog statements into authad code to figure out what's [not] happening. I haven't given up on my own research, but I haven't made much progress yet.
Any tips on what I can do to track down my issue?
Edit: I now see there are at least two related threads, which I probably could have joined instead of posting a new one. I've worked through this thread and no luck yet. I probably can't test with a domain administrator. Anyone have any ideas please?