This optional parameter is used to generate an ADSI user name
identifier when checking group membership through a Group= check item.
Defaults to ‘WinNT://%1’ (i.e. the named user). Special characters can be
used, and %0 is replaced with the name of the group being checked, and %1
with the name of the user whose group membership is being
checked.
This example checks whether an NT user in the OSC domain is
in an NT Group in the OSC domain:
GroupBindString WinNT://OSC/%0,Group
GroupUserBindString WinNT://OSC/%1
This example checks whether
the active directory user identified by GroupUserBindString is in the
group defined by GroupBindString.
GroupBindString LDAP://cn=%0,dc=open,dc=com,dc=au
GroupUserBindString LDAP://cn=%1,cn=Users,dc=open,dc=com,dc=au
Tip
With AD, do not confuse Organizational Unit with group
membership. They are different ideas. A user can be in one OU, but be a
member of multiple groups. Use GroupBindString, GroupUserBindString and
the Group= check item to check for AD group members.