@Fernando-Gietz
Well, you may not intend to support such at the moment, but it does work in 1.5.6 provided the groups are specified in the web interface as a comma-separated list, which may cause its own problems for some group names. It actually doesn’t look like much more needs to be done to flesh out that first enhancement beyond the UI elements and input validation. 🙂
I would suggest taking a look at the sequence of events for the bindings and searches, or at least making sure that the permissions contexts in which those searches occur are consistent. I think the quick and dirty fix I put in at line 547 won’t mess up anything, but I don’t have a lot of experience with either PHP or LDAP.
And for posterity (read: when I forget what I did), diff against ldap.class.php released with 1.5.6 for the changes to address the issues for this thread:
547a548
> $bind = @$this->bind($bindDN, $bindPass);
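Review bot: the result of the bind added at line 548 is stored in $bind, but nothing in this hunk tests it, and the @ operator hides any warning the call raises. If the bind fails, the searches that follow would still proceed under whatever context the connection already had, which is the inconsistency in permissions contexts the post describes. Suggest checking $bind immediately after the call and returning, with a log entry, when it is false.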
616,617c617,618
< '(&(|(name=%s))(%s=%s))',
< implode(')(name=', (array)$adminGroups),
---
> '(&(|(cn=%s))(%s=%s))',
> implode(')(cn=', (array)$adminGroups),
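Review bot: at 617-618 the entries of $adminGroups are joined straight into the filter string by implode, so a group name containing (, ), * or \ changes the structure of the filter instead of being matched literally. Suggest passing each name through ldap_escape($name, '', LDAP_ESCAPE_FILTER) before the implode. The values that fill (%s=%s) are not visible in this hunk and should be checked the same way.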
640,641c641,642
< '(&(|(name=%s))(%s=%s))',
< implode(')(name=', (array)$userGroups),
---
> '(&(|(cn=%s))(%s=%s))',
> implode(')(cn=', (array)$userGroups),
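Review bot: lines 641-642 repeat the admin-group filter with cn hard-coded in both the format string and the implode separator, just as name was before. A directory that names its groups by a different attribute would need another edit in two places. Suggest reading the attribute from a setting or a single constant and building both filters through one shared helper, so the attribute and any escaping of $userGroups are applied in one place.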