I set up a custom LDAPAuthenticator that successfully reads users and groups from our internal LDAP server. The problem I'm running into is setting up group membership; I checked with our admins and I believe static is what I want. The following is a sample of our LDAP schema that defines a group and its members:
So I set up the static group settings in my custom authenticator as follows:
Static Group Attribute: cn
Static Group Class: posixGroup
Static Member DN Attribute: memberUid
Static Group DNs from Member DN: (&(memberUid=%u)(objectClass=posixGroup))
Using this, none of my LDAP users get marked as members of the groups they're in. I'm a little worried that the documentation for the "Static Member DN Attribute" says that it should be an attribute that specifies the DN of the group members, but according to our schema we only list the uid of the group members. I tried to account for this in the filter by using %u instead of the default %M, but I'm not having any luck.
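The mismatch described above, as an added example that is not part of the original post and is not the authenticator's own code: it evaluates the group filter against constructed posixGroup entries whose memberUid values are bare login names. It assumes %M stands for the member's DN and %u for the login name, and it shows only which filter strings can match such a group, not how the authenticator expands or applies them. All DNs, names and the %M filter variant are constructed.

```python
import re

# Constructed posixGroup entries: memberUid holds bare login names, not DNs.
GROUPS = [
    {"dn": "cn=devs,ou=groups,dc=example,dc=com",
     "objectClass": ["posixGroup"], "cn": ["devs"],
     "memberUid": ["jdoe", "asmith"]},
    {"dn": "cn=ops,ou=groups,dc=example,dc=com",
     "objectClass": ["posixGroup"], "cn": ["ops"],
     "memberUid": ["asmith"]},
]

# One (attr=value) equality term; values may carry RFC 4515 \xx escapes.
TERM = re.compile(r"\(([A-Za-z0-9-]+)=((?:[^()\\]|\\[0-9A-Fa-f]{2})*)\)")


def escape_value(value):
    """Escape a value for use inside an LDAP filter (RFC 4515)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def expand(template, member_dn, login):
    """Assumed placeholder meaning: %M = member DN, %u = login name."""
    return (template.replace("%M", escape_value(member_dn))
                    .replace("%u", escape_value(login)))


def unescape(value):
    return re.sub(r"\\([0-9A-Fa-f]{2})", lambda m: chr(int(m.group(1), 16)), value)


def groups_for(template, member_dn, login):
    """Return DNs of groups matched by an (&(attr=value)...) equality filter."""
    # Simplification: attribute names and values are compared case-insensitively.
    terms = [(a.lower(), unescape(v).lower())
             for a, v in TERM.findall(expand(template, member_dn, login))]
    matched = []
    for entry in GROUPS:
        attrs = {k.lower(): [x.lower() for x in v]
                 for k, v in entry.items() if k != "dn"}
        if terms and all(v in attrs.get(a, []) for a, v in terms):
            matched.append(entry["dn"])
    return matched


JDOE_DN = "uid=jdoe,ou=people,dc=example,dc=com"  # constructed
print(groups_for("(&(memberUid=%M)(objectClass=posixGroup))", JDOE_DN, "jdoe"))
print(groups_for("(&(memberUid=%u)(objectClass=posixGroup))", JDOE_DN, "jdoe"))
```

Running the login-name form of the filter directly against the directory with a search tool is a quick way to confirm that the filter itself matches before looking at how the authenticator fills in its placeholders.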