Problem with groups with Active Directory

Installed plugin for intergration with Active Directory.
Use the following settings:

LDAP URI: ldap://XX.XX.XX.XX:389
LDAP Manager User: cn=User,ou=DIT,dc=office,dc=mydomain,dc=com
User search scope: Tree
Users container DN: dc=office,dc=mydomain,dc=com
Users search query filter: (objectClass=organizationalPerson)
Object class: inetOrgPerson

The LDAP test runs correctly, but only visible to the group or to the users.
If you are using a group of users and groups, you will get the following error:

Traceback (innermost last):
  Module ZPublisher.Publish, line 138, in publish
  Module ZPublisher.mapply, line 77, in mapply
  Module ZPublisher.Publish, line 48, in call_object
  Module Products.CMFPlone.controlpanel.browser.usergroups_usersoverview, line 44, in __call__
  Module Products.CMFPlone.controlpanel.browser.usergroups_usersoverview, line 69, in doSearch
  Module Products.PluggableAuthService.PluggableAuthService, line 230, in getUserById
  Module Products.PluggableAuthService.PluggableAuthService, line 784, in _findUser
  Module, line 157, in getPropertiesForUser
UnicodeDecodeError: 'ascii' codec can't decode byte 0xd0 in position 0: ordinal not in range(128)

node.ext.ldap = 1.0b4
node.ext.ugm = 0.9.9
pas.plugins.ldap = 1.5.1
plone.recipe.command = 1.1
plone.recipe.precompiler = 0.6
plumber = 1.5
yafowil = 2.2.3
yafowil.plone = 2.4.1

-- pas.plugins.ldap==1.5.1
node = 0.9.22
-- Required by:
-- pas.plugins.ldap==1.5.1
odict = 1.6.2
-- Required by:
-- pas.plugins.ldap==1.5.1
python-ldap = 2.4.44
-- Required by:
-- bda.cache==1.1.3
python-memcached = 1.58
-- Required by:
-- node.ext.ldap==1.0b4
smbpasswd = 1.0.2
-- Required by:
-- pas.plugins.ldap==1.5.1
yafowil.widget.array = 1.4
-- Required by:
-- pas.plugins.ldap==1.5.1
yafowil.widget.dict = 1.6
-- Required by:
-- pas.plugins.ldap==1.5.1
yafowil.yaml = 1.2

Version Plone 5

You have some problem with special (i.e. non-ascii) characters. More precisely, an str containing non-ascii characters is "combined" with a unicode string. This should not happen: at any place, you should have either str only or unicode only objects.

To resolve the issue, you must find out where the bad string type comes from. If you are using the same PlonePAS version than me (5.0.7), then the problematic code looks like

        data = self._storage.get(user.getId())

As the user id can be used in the construction of the url to the so called Member folder it should contain only legal id characters (which excludes all non-ascii characters). Ensure that your LDAP configuration satisfies this restriction (i.e. that it does not give user ids containing non-ascii characters).

I had similar problems with special German characters (Umlaute). I changed the pyhton encoding from ascii to utf8 and so far it works, but I am still testing. To change this, you have to create a file ../zinstance/lib/python2.7/ with the following content.

import sys 

You can check python encoding with the following command.
# zinstance/bin/python -c 'import sys; print(sys.getdefaultencoding())'