diff --git a/modules/ldap/lib/Auth/Process/AttributeAddUsersGroups.php b/modules/ldap/lib/Auth/Process/AttributeAddUsersGroups.php
index 6364efe9eddc05952260691b201711964ceb3d9b..a9ee77f703f155f73b3772a6ec4410427f25d8fe 100644
--- a/modules/ldap/lib/Auth/Process/AttributeAddUsersGroups.php
+++ b/modules/ldap/lib/Auth/Process/AttributeAddUsersGroups.php
@@ -113,7 +113,30 @@ class sspmod_ldap_Auth_Process_AttributeAddUsersGroups extends sspmod_ldap_Auth_
// Pass to the AD specific search
$groups = $this->searchActiveDirectory($attributes[$map['dn']][0]);
break;
-
+
+ case 'OPENLDAP':
+ // Log the OpenLDAP specific search
+ SimpleSAML_Logger::debug(
+ $this->title . 'Searching LDAP using OpenLDAP specific method.'
+ );
+ // Print group search string and search for all group names
+ $openldap_base = $this->config->getString('ldap.basedn','ou=groups,dc=example,dc=com');
+ SimpleSAML_Logger::debug(
+ $this->title . "Searching for groups in ldap.basedn ".$openldap_base." with filter (".$map['memberof']."=".$attributes['uid'][0].") and attributes ".$map['member']
+ );
+ $groups = array();
+ try {
+ // Intention is to filter in 'ou=groups,dc=example,dc=com' for '(memberUid = <UID>)' and take only the attributes 'cn' (=name of the group)
+ $all_groups = $this->getLdap()->searchformultiple( $openldap_base, array($map['memberof'] => $attributes['uid'][0]) , array($map['member']));
+ } catch (SimpleSAML_Error_UserNotFound $e) {
+ break; // if no groups found return with empty (still just initialized) groups array
+ }
+ // run through all groups and add each to our groups array
+ foreach ( $all_groups as $group_entry ) {
+ $groups[] .= $group_entry[$map['member']][0];
+ }
+ break;
+
default:
// Log the general search