The attached patch fixes the problem on my client's deployment. It's a pretty dumb patch, I just copied the code from LDAPUserFolder that assembles the LDAP delegate query string from kwargs and pasted it into the ActiveDirectoryMultiPlugin.enumerateGroups method. I note that the LDAPMultiPlugin.enumerateGroups() actually calls acl.searchGroups and I was unable to figure out if there was a reason that ActiveDirectoryMultiPlugin.enumerateGroups() does not. I also didn't add test coverage for this or run the tests. Sorry, I'm just not familiar enough with this stack.
The attached patch fixes the problem on my client's deployment. It's a pretty dumb patch, I just copied the code from LDAPUserFolder that assembles the LDAP delegate query string from kwargs and pasted it into the ActiveDirectory MultiPlugin. enumerateGroups method. I note that the LDAPMultiPlugin .enumerateGroup s() actually calls acl.searchGroups and I was unable to figure out if there was a reason that ActiveDirectory MultiPlugin. enumerateGroups () does not. I also didn't add test coverage for this or run the tests. Sorry, I'm just not familiar enough with this stack.