Hi, I think I've found a bug in the LDAP implementation. When I use: $conf['auth']['ldap']['mapping']['grps'] = array('ou' => '/(.*)/i'); to map the 'ou' property to the groups, the resulting groups are: [grps] => Array ( [0] => 2 [1] => Employees [2] => Information Technology Library and Education [3] => user ) Number 1 & 2 are from LDAP, 3 is built-in, but number 0 with the value '2' shouldn't be there. A quick look in the LDAP result shows: [ou] => Array ( [count] => 2 [0] => Employees [1] => Information Technology Library and Education ) So, the bug is that the 'count' is used in the mapping too. I was able to fix it with: $ diff -u ldap.class.php.dist ldap.class.php.fixed --- ldap.class.php.dist 2007-03-13 09:49:41.000000000 +0100 +++ ldap.class.php.fixed 2007-03-13 09:49:42.000000000 +0100 @@ -192,7 +192,9 @@ if(is_array($key)) { // use regexp to clean up user_result list($key, $regexp) = each($key); - foreach($user_result[$key] as $grp){ + $grps = $user_result[$key]; + unset($grps['count']); + foreach($grps as $grp){ if (preg_match($regexp,$grp,$match)) { if($localkey == 'grps') { $info[$localkey][] = $match[1] It strips items with 'count' as a key. Is this a bug or just a quirk in the LDAP implementation I use here? Regards, Dennis -- DokuWiki mailing list - more info at http://wiki.splitbrain.org/wiki:mailinglist