In the following we list some important default values for connecting to an Active Directory (AD):
LDAP Group filter (ldap_group_filter):
(objectClass=group)
LDAP attribute used to search the user (ldap_search_attribute):
sAMAccountName
LDAP attribute used to search the member (ldap_member_name):
member
In order to just receive user objects, you should also set the following value:
LDAP user filter (ldap_user_filter):
(objectClass=user)
Furthermore, be sure that all users that are assigned to the groups appear within the attribute member (attribute editor of the group in the AD manager). Otherwise, the LDAP module cannot assign those users to the VIMP roles on the basis of the LDAP groups.