After pulling my hair out trying to get the default LDAP auth plugin configured, I went ahead and wrote a simpler replacement. All it does is clean up the username, and attempt to bind to AD with the credentials provided at login.<div>
<br></div><div>It doesn't check to see if the user exists (according to our policy that's a minor security risk, since a bot can use that to determine valid usernames), and will simply return true if the user &amp; password match perfectly.</div>
<div><br></div><div>The plugin could be made even more efficient, I'm sure.</div><div><br></div><div><a href="http://pastie.org/3261915">http://pastie.org/3261915</a> <br clear="all"><br clear="all">Regards,<div><b>Wogan May</b></div>
<div><i><font color="#c0c0c0">Digital Polymath</font></i></div><div><br></div><div>[ <a href="http://about.me/wogan" target="_blank">about.me</a> | <a href="https://plus.google.com/110555803212391859805" target="_blank">google+</a> ]</div>
<br>
</div>
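<div>The bind-only check described in the post, sketched as an added example. It is not the linked plugin's code. The names <code>clean_username</code>, <code>authenticate</code>, the injected <code>bind</code> callable, the UPN suffix <code>example.test</code> and the allowed character set are all assumptions made for illustration.</div>

```python
import re

# Assumption: sAMAccountName-style logins; this character set is illustrative.
_SAFE_USER = re.compile(r"[A-Za-z0-9._-]{1,64}")

def clean_username(raw):
    """Reduce 'DOMAIN\\user' or 'user@domain' to a bare account name, or None."""
    name = raw.strip()
    if "\\" in name:
        name = name.rsplit("\\", 1)[1]
    if "@" in name:
        name = name.split("@", 1)[0]
    name = name.lower()
    return name if _SAFE_USER.fullmatch(name) else None

def authenticate(raw_user, password, bind, upn_suffix="example.test"):
    """Return True only when the directory accepts a bind with these credentials.

    `bind(principal, password)` is a hypothetical callable wrapping the real
    LDAP simple bind; it returns True on success and False or raises on failure.
    """
    user = clean_username(raw_user)
    # An LDAP simple bind with an empty password is an unauthenticated bind
    # (RFC 4513) and can report success, so it must never reach the server.
    if user is None or not password:
        return False
    try:
        return bind(f"{user}@{upn_suffix}", password) is True
    except Exception:
        # Unknown user, wrong password and server errors all look the same
        # to the caller, so the login form does not reveal valid usernames.
        return False

# Constructed stand-in for a directory server, for offline use only.
_FAKE_DIRECTORY = {"alice@example.test": "correct horse"}

def fake_bind(principal, password):
    if password == "":
        return True  # mimics a server that accepts unauthenticated binds
    if principal not in _FAKE_DIRECTORY:
        raise LookupError("no such user")
    return _FAKE_DIRECTORY[principal] == password
```

<div>In a real deployment <code>bind</code> would wrap the LDAP library's simple bind over LDAPS or StartTLS, since a simple bind sends the password to the server as-is.</div>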