I am also using the LDAP-auth, and have experienced the same problem as you describe. To get around it, I chose to use id instead of name for matching:
(I have not started using the LDAP-attribute-functionality yet, but I soon will)
I do support your idea of being able to specify object-class! For my use, I cannot se the need for multiple content-class-ie's to search for, but I think the support for it should be there anyway to make it more flexible and general. It shouldn't be much more difficult to make.
The ini-variable could be an array like: LDAPUserGroupClassFilters[]
I have version 3.5.0 and it does include this id=3 logic. I happened to stumble unto it from the /cronjobs/ldapusermanage.php side. We have an odd configuration for NDS that causes all the ldap_bind function calls not to work. So I'm trying to debug that ;)
You must be logged in to post messages in this topic!