Still tracking down why LDAP groups are not working properly with LDAPMultiPlugins, I found the following:
When trying to search for a group based on its id (which will be the objectGUID), ActiveDirectoryMultiPlugin.enumerateGroups builds an LDAP search filter which is passed to LDAPDelegate.search(). The first thing that happens there is filter=to_utf8(filter). At that point the binary objectGUID is mangled and the search will fail.
I'm not sure how we can fix this. The options I can see are to move the utf-8 conversion higher up in the stack or modify LDAPDelegate.search to look for binary attributes and not pass those to utf-8. Both are non-trivial.
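The mangling described above, and one way to build a filter that survives the conversion, as an added example that is not part of the original post or the project's code. It escapes the binary value with the RFC 4515 backslash-hex form so the filter is pure ASCII. `to_utf8_standin`, `guid_filter` and the sample GUID are assumptions made for illustration; the stand-in only models a decode and re-encode step and is not the real `to_utf8`.

```python
import uuid


def to_utf8_standin(value: bytes, encoding: str = "latin-1") -> bytes:
    """Hypothetical stand-in for a to_utf8() step: decode, then re-encode as UTF-8."""
    return value.decode(encoding).encode("utf-8")


def escape_binary(value: bytes) -> str:
    """RFC 4515 escaping: each octet becomes a backslash plus two hex digits."""
    return "".join("\\%02x" % octet for octet in value)


def unescape_binary(escaped: str) -> bytes:
    """Inverse of escape_binary, used here to check the round trip."""
    return bytes.fromhex(escaped.replace("\\", ""))


def raw_guid_filter(guid: bytes) -> bytes:
    """Filter with the binary GUID embedded as-is (the failing case)."""
    return b"(objectGUID=" + guid + b")"


def guid_filter(guid: bytes, attr: str = "objectGUID") -> str:
    """Filter with the GUID escaped, so it contains only ASCII characters."""
    if len(guid) != 16:
        raise ValueError("objectGUID must be exactly 16 bytes")
    return "(%s=%s)" % (attr, escape_binary(guid))


# Constructed sample value; bytes_le gives the mixed-endian layout AD stores.
SAMPLE_GUID = uuid.UUID("6f9619ff-8b86-d011-b42d-00c04fc964ff").bytes_le

if __name__ == "__main__":
    raw = raw_guid_filter(SAMPLE_GUID)
    print("raw filter survives conversion:    ", to_utf8_standin(raw) == raw)
    safe = guid_filter(SAMPLE_GUID).encode("ascii")
    print("escaped filter survives conversion:", to_utf8_standin(safe) == safe)
    print(safe.decode("ascii"))
```

Escaping only the assertion value, before the filter string is assembled, leaves the filter's own parentheses and operators untouched.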