Group mapping works with active directory. Here is the configuration I have in my machine:
$ onegroup show test | grep GROUP_DN
GROUP_DN="CN=cloud,CN=Groups,DC=opennebula,DC=org"
$ grep -v '^$' ldap_auth.conf | grep -v '^ *#'
server 1:
:user: 'Administrator@opennebula.org'
:password: '*******'
:auth_method: :simple
:host: domain.server
:port: 389
:base: 'dc=opennebula,dc=org'
:user_field: 'sAMAccountName'
:mapping_generate: true
:mapping_timeout: 300
:mapping_filename: server1.yaml
:mapping_key: GROUP_DN
:mapping_default: 1
:order:
- server 1
This is the manual execution of the driver action with a test user in that cloud group and the mapping file that was generated automatically by the driver:
$ $ONE_LOCATION/var/remotes/auth/ldap/authenticate test - test
Trying server server 1
ldap test CN=test%20test,CN=Users,DC=opennebula,DC=org 100
$ cat $ONE_LOCATION/var/server1.yaml
---
CN=cloud,CN=Groups,DC=opennebula,DC=org: '100'
Notice the number 100 in the authentication test. That is the id of cloud group so it is correctly mapped.