--- auth.inc.save 2014-01-23 18:28:54.000000000 -0800 +++ auth.inc 2014-01-23 19:25:30.000000000 -0800 @@ -914,8 +914,9 @@ $ldapbindpw = $authcfg['ldap_bindpw']; $ldapauthcont = $authcfg['ldap_authcn']; $ldapnameattribute = strtolower($authcfg['ldap_attr_user']); - $ldapgroupattribute = strtolower($authcfg['ldap_attr_member']); - $ldapfilter = "({$ldapnameattribute}={$username})"; + $ldapgroupattribute = strtolower($authcfg['ldap_attr_group']); + $ldapmemberattribute = strtolower($authcfg['ldap_attr_member']); + $ldapfilter = "(|(&(objectClass=inetOrgPerson)({$ldapnameattribute}={$username}))(&(objectClass=posixGroup)({$ldapmemberattribute}={$username})))"; $ldaptype = ""; $ldapver = $authcfg['ldap_protver']; if (empty($ldapbindun) || empty($ldapbindpw)) @@ -928,10 +929,9 @@ } else return false; - $ldapdn = $_SESSION['ldapdn']; + $ldapdn = $ldapbasedn; /*Convert attribute to lowercase. php ldap arrays put everything in lowercase */ - $ldapgroupattribute = strtolower($ldapgroupattribute); $memberof = array(); /* Setup CA environment if needed. */ 
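Review bot: `$username` is interpolated into the new two-clause `$ldapfilter` without LDAP filter escaping, so a login name containing `*`, `(`, `)` or `\` rewrites the filter; the old single-clause filter had the same gap, but this hunk rebuilds the filter and is the place to close it. Escape the value once before building the filter, e.g. `$ldapusername = ldap_escape($username, '', LDAP_ESCAPE_FILTER);` on PHP 5.6+, or `$ldapusername = str_replace(array('\\', '*', '(', ')', "\x00"), array('\5c', '\2a', '\28', '\29', '\00'), $username);` on older builds, and use `{$ldapusername}` in both clauses. The attribute names `$ldapnameattribute` and `$ldapmemberattribute` come from the admin config rather than the login form, so they are lower risk, but they are interpolated unescaped as well. The enclosing function starts before this hunk.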
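Review bot: Replacing `$_SESSION['ldapdn']` with `$ldapbasedn` as the search base means the group lookup is no longer anchored to the DN that was actually authenticated; every entry under the base that matches the filter built earlier in this function is consulted, and with a subtree scope that includes same-named accounts in other OUs. If the wider base is needed only so the posixGroup clause can find group entries, consider keeping the user's own lookup on `$_SESSION['ldapdn']` (which the retained comment in the next hunk still describes) and searching from `$ldapbasedn` only for the group clause. At minimum a comment such as `/* Search from the base DN: the filter must also match posixGroup entries, which do not live under the user's DN */` would record why the base changed. The enclosing function starts before this hunk.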
@@ -969,25 +969,31 @@ /* get groups from DN found */ /* use ldap_read instead of search so we don't have to do a bunch of extra work */ /* since we know the DN is in $_SESSION['ldapdn'] */ - //$search = ldap_read($ldap, $ldapdn, "(objectclass=*)", array($ldapgroupattribute)); + //$search = ldap_read($ldap, $ldapdn, "(objectclass=*)", array($ldapmemberattribute)); if ($ldapscope == "one") $ldapfunc = "ldap_list"; else $ldapfunc = "ldap_search"; - $search = @$ldapfunc($ldap, $ldapdn, $ldapfilter, array($ldapgroupattribute)); + $search = @$ldapfunc($ldap, $ldapdn, $ldapfilter, array($ldapmemberattribute, $ldapgroupattribute, 'objectClass')); $info = @ldap_get_entries($ldap, $search); $countem = $info["count"]; - - if(is_array($info[0][$ldapgroupattribute])) { - /* Iterate through the groups and throw them into an array */ - foreach ($info[0][$ldapgroupattribute] as $member) { - if (stristr($member, "CN=") !== false) { - $membersplit = explode(",", $member); - $memberof[] = preg_replace("/CN=/i", "", $membersplit[0]); + + for ($g = 0; $g < $countem; $g++) { + if(is_array($info[$g][$ldapmemberattribute]) && in_array('inetOrgPerson', $info[$g]['objectclass'])) { + /* Iterate through the groups and throw them into an array */ + foreach ($info[$g][$ldapmemberattribute] as $member) { + if (stristr($member, "CN=") !== false) { + $membersplit = explode(",", $member); + $memberof[] = preg_replace("/CN=/i", "", $membersplit[0]); + } } } + + if(is_array($info[$g][$ldapgroupattribute]) && $info[$g][$ldapgroupattribute]['count'] > 0 && in_array('posixGroup', $info[$g]['objectclass'])) { + $memberof[] = $info[$g][$ldapgroupattribute][0]; + } } /* Time to close LDAP connection */
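Review bot: The new `for` loop folds the member attribute of every returned inetOrgPerson entry into `$memberof`, so if the filter matches more than one user entry (a duplicate name attribute in another OU, or a wildcard in `$username`) the login inherits the union of their groups, whereas the old code read only `$info[0]`. Tie the user branch to the authenticated entry, e.g. `$isuser = isset($info[$g]['dn'], $_SESSION['ldapdn']) && strcasecmp($info[$g]['dn'], $_SESSION['ldapdn']) == 0;` (the retained comment says the session still holds that DN, and a plain string compare may be too strict if the server normalises DNs — confirm both), and fail closed when no entry passes that check. The `in_array('inetOrgPerson', ...)` and `in_array('posixGroup', ...)` tests should also be guarded with `isset($info[$g]['objectclass'])` and pass `true` as the strict flag, since an entry that lacks the attribute makes `in_array` warn on null. Hard-coding `inetOrgPerson` presumably also excludes directory entries such as Active Directory `user` objects that the previous unrestricted filter matched; verify against the directories this code is expected to serve. The enclosing function starts before this hunk and continues after it.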