diff --git a/ldap_authorization/LdapAuthorizationConsumerConf.class.php b/ldap_authorization/LdapAuthorizationConsumerConf.class.php
index 589650c..b6d1b85 100644
--- a/ldap_authorization/LdapAuthorizationConsumerConf.class.php
+++ b/ldap_authorization/LdapAuthorizationConsumerConf.class.php
@@ -16,6 +16,7 @@
 class LdapAuthorizationConsumerConf {
 
   public $sid = NULL;
+  public $adminSid = NULL;
   public $server;
   public $consumerType = NULL;
   public $consumerModule = NULL;
@@ -103,6 +104,13 @@ class LdapAuthorizationConsumerConf {
       }
     }
     $this->numericConsumerConfId = isset($server_record->numeric_consumer_conf_id)? $server_record->numeric_consumer_conf_id : NULL;
+    // Set the authentication server sid to the same server that the user
+    // authenticated against.  This will ensure that the group authorization
+    // is queried from the correct server in multiple domain environments.
+    $this->adminSid = $this->sid;
+    if($this->sid == LDAP_USER_AUTH_SERVER_SID && isset($_SESSION['ldap_user_session_prov_sid'])) {
+      $this->sid = $_SESSION['ldap_user_session_prov_sid'];
+    }
     $this->server = ldap_servers_get_servers($this->sid, NULL, TRUE);
     return TRUE;
 
diff --git a/ldap_authorization/LdapAuthorizationConsumerConfAdmin.class.php b/ldap_authorization/LdapAuthorizationConsumerConfAdmin.class.php
index 0684de7..54f0cc6 100644
--- a/ldap_authorization/LdapAuthorizationConsumerConfAdmin.class.php
+++ b/ldap_authorization/LdapAuthorizationConsumerConfAdmin.class.php
@@ -12,6 +12,7 @@ module_load_include('php', 'ldap_authorization', 'LdapAuthorizationConsumerConf.
    */
 class LdapAuthorizationConsumerConfAdmin extends LdapAuthorizationConsumerConf {
 
+  protected $drupalAcctProvisionServerOptions = array();
 
   public function save() {
 
@@ -93,6 +94,14 @@ class LdapAuthorizationConsumerConfAdmin extends LdapAuthorizationConsumerConf {
         $this->$property = $value;
       }
     }
+
+    if ($servers = ldap_servers_get_servers(NULL, 'enabled')) {
+      $this->drupalAcctProvisionServerOptions[LDAP_USER_AUTH_SERVER_SID] = t('Use server which performed the authentication. Useful for multi-domain environments.');
+      foreach ($servers as $sid => $ldap_server) {
+        $enabled = ($ldap_server->status) ? 'Enabled' : 'Disabled';
+        $this->drupalAcctProvisionServerOptions[$sid] = $ldap_server->name . ' (' . $ldap_server->address . ') Status: ' . $enabled;
+      }
+    }
   }
 
   public function drupalForm($server_options, $op) {
@@ -114,8 +123,8 @@ class LdapAuthorizationConsumerConfAdmin extends LdapAuthorizationConsumerConf {
       '#type' => 'radios',
       '#title' => t('LDAP Server used in !consumer_name configuration.', $consumer_tokens),
       '#required' => 1,
-      '#default_value' => $this->sid,
-      '#options' => $server_options,
+      '#default_value' => $this->adminSid,
+      '#options' => $this->drupalAcctProvisionServerOptions,
     );
 
     $form['status']['consumer_type'] = array(
diff --git a/ldap_authorization/ldap_authorization.inc b/ldap_authorization/ldap_authorization.inc
index 4d5dfd1..0f62a53 100644
--- a/ldap_authorization/ldap_authorization.inc
+++ b/ldap_authorization/ldap_authorization.inc
@@ -155,7 +155,7 @@ function _ldap_authorizations_user_authorizations(&$user, $op, $consumer_type, $
       continue;
     }
 
-    if (! isset($servers[$consumer->consumerConf->sid])) {
+    if ($consumer->consumerConf->sid != LDAP_USER_AUTH_SERVER_SID && !isset($servers[$consumer->consumerConf->sid])) {
       $notifications[$consumer_type][] = LDAP_AUTHORIZATION_SERVER_CONFIG_NOT_FOUND;
       if ($detailed_watchdog_log) {
         watchdog('ldap_authorization', '%username : %consumer_type ldap server %sid not enabled or found.', $watchdog_tokens, WATCHDOG_DEBUG);
@@ -164,6 +164,14 @@ function _ldap_authorizations_user_authorizations(&$user, $op, $consumer_type, $
     }
 
     $ldap_server = $consumer->consumerConf->server;
+    if (!$ldap_server && 
+    	  $consumer->consumerConf->sid == LDAP_USER_AUTH_SERVER_SID && 
+    	  property_exists($user, 'data') && 
+    	  isset($user->data['ldap_user']['init']['sid']) &&
+    	  isset($servers[$user->data['ldap_user']['init']['sid']])) {
+    	$ldap_server = $servers[$user->data['ldap_user']['init']['sid']];
+    	$consumer->consumerConf->server = $ldap_server;
+    }
 
     /**
      * 1. first just need to figure out what authz_ids are generated for this consumer type/mapping configuration
@@ -482,7 +490,7 @@ function _ldap_authorization_ldap_authorization_maps_alter(&$user, &$user_ldap_e
   }
 
   // traditional groups (dns)
-  $group_dns = $consumer_conf->server->groupMembershipsFromUser($user, 'group_dns');
+  $group_dns = $consumer_conf->server->groupMembershipsFromUser($user_ldap_entry, 'group_dns');
  // debug("groupMembershipsFromUser, group_dns"); debug($group_dns);
   if (!$group_dns) {
     $group_dns = array();
diff --git a/ldap_authorization/ldap_authorization.module b/ldap_authorization/ldap_authorization.module
index 0faa848..10426e7 100644
--- a/ldap_authorization/ldap_authorization.module
+++ b/ldap_authorization/ldap_authorization.module
@@ -135,23 +135,45 @@ function ldap_authorization_ldap_server_in_use($sid, $server_name) {
  * Implements hook_ldap_attributes_needed_alter().
  */
 function ldap_authorization_ldap_attributes_needed_alter(&$attribute_maps, $params) {
-
   if (isset($params['ldap_context'])) {
     $parts = explode('__', $params['ldap_context']);
-    if (count($parts) == 2 && $parts[0] == 'ldap_authorization') {
-      $consumer_type = $parts[1];
+
+    $add_parts = FALSE;
+    if(count($parts) == 2 && $parts[0] == 'ldap_authorization' ) {
+      $add_parts = $parts[1];
+    } elseif($parts[0] == 'ldap_user_prov_to_drupal' || $parts[0] == 'all') {
+      $add_parts = 'drupal_role';
+    }
+
+
+    if ($add_parts) {
+      $consumer_type = $add_parts;
       $consumer_conf = ldap_authorization_get_consumer_conf($consumer_type);
-      if ($consumer_conf->server->groupUserMembershipsAttrExists) {
-        $attribute_name = $consumer_conf->server->groupUserMembershipsAttr;
+      
+      // Get the server settings
+      $server = $consumer_conf->server;
+      if (!$server && isset ($params['sid']) && $params['sid'] != LDAP_USER_AUTH_SERVER_SID) {
+      	$server = ldap_servers_get_servers($params['sid'], NULL, TRUE);
+      }
+
+      if ($server && $server->groupUserMembershipsAttrExists) {
+        $attribute_name = $server->groupUserMembershipsAttr;
         if ($attribute_name) {
           $attribute_maps[$attribute_name] = ldap_servers_set_attribute_map($attribute_name); //array($attribute_name, 0, NULL);
         }
+
+        if (isset($server->groupMembershipsAttr)) {
+          $attribute_name = $server->groupMembershipsAttr;
+          if ($attribute_name) {
+            $attribute_maps[$attribute_name] = ldap_servers_set_attribute_map($attribute_name); //array($attribute_name, 0, NULL);
+          }
+        }
       }
     }
   }
-
 }
 
+
 /**
  * Implements hook_ldap_authorization_maps_alter().
  *
diff --git a/ldap_authorization/ldap_authorization.theme.inc b/ldap_authorization/ldap_authorization.theme.inc
index 1dcc9e4..6272961 100644
--- a/ldap_authorization/ldap_authorization.theme.inc
+++ b/ldap_authorization/ldap_authorization.theme.inc
@@ -29,7 +29,7 @@ function theme_ldap_authorization_admin_index(&$variables) {
     }
 
     $table['rows'][] = array(
-      $consumer->consumerConf->sid,
+      $consumer->consumerConf->adminSid,
       $consumer->name,
       $consumer->consumerModule,
       $consumer_type,
diff --git a/ldap_servers/ldap_servers.module b/ldap_servers/ldap_servers.module
index 8534415..16a8f9a 100644
--- a/ldap_servers/ldap_servers.module
+++ b/ldap_servers/ldap_servers.module
@@ -695,41 +695,46 @@ function ldap_servers_get_user_ldap_data($drupal_user, $sid = NULL, $ldap_contex
   }
   // if no explicit $sid, find most appropriate one
   if (module_exists('ldap_user') && (!$sid || $sid == LDAP_USER_AUTH_SERVER_SID)) {
-    if (property_exists($drupal_user, 'ldap_user_puid_sid') &&
+    if (property_exists($drupal_user, 'data') && isset($drupal_user->data['ldap_user']['init']['sid'])) {
+      $sid = $drupal_user->data['ldap_user']['init']['sid'];
+    }
+    elseif (property_exists($drupal_user, 'ldap_user_puid_sid') &&
         !empty($drupal_user->ldap_user_puid_sid['und'][0]['value'])
       ) {
+      // Get SID from the user
       $sid = $drupal_user->ldap_user_puid_sid['und'][0]['value'];
     }
     else {
+      // Get SID from the settings
       $ldap_user_conf = ldap_user_conf();
       ldap_user_reset_provision_server($ldap_user_conf, $drupal_user);
       $sid = $ldap_user_conf->drupalAcctProvisionServer;
     }
   }
-  elseif (!$sid) {
-    $ldap_servers = ldap_servers_get_servers(NULL, 'enabled');
-    if (count($ldap_servers) == 1) {
-      $sids = array_keys($ldap_servers);
-      $sid = $sids[0];
-    }
-  }
 
-  $ldap_server = ($sid) ? ldap_servers_get_servers($sid, 'enabled', TRUE) : FALSE;
+  // If at this point it's still LDAP_USER_AUTH_SERVER_SID, choose null to select all servers.
+  if ($sid == LDAP_USER_AUTH_SERVER_SID) $sid = NULL;
+
+  $ldap_servers = ldap_servers_get_servers($sid, 'enabled');
 
-  if ($ldap_server === FALSE) {
+  if ($ldap_servers === FALSE) {
     watchdog('ldap_servers', 'Failed to load server object %sid in _ldap_servers_get_user_ldap_data', array('%sid' => $sid), WATCHDOG_ERROR);
     return FALSE;
   }
 
-  $ldap_user = $ldap_server->userUserNameToExistingLdapEntry($drupal_username, $ldap_context);
+  $found_user = FALSE;
+  $ldap_user = FALSE;
 
-  if ($ldap_user) {
-    $ldap_user['sid'] = $sid;
-  }
-  else {
-    $ldap_user = FALSE;
+  foreach ($ldap_servers as $ldap_server) {
+    $found_user = $ldap_server->userUserNameToExistingLdapEntry($drupal_username, $ldap_context);
+    if ($found_user) {
+      $ldap_user = $found_user;
+      $ldap_user['sid'] = $ldap_server->sid;
+      break;
+    }
   }
 
+  if (!$ldap_user) $ldap_user = FALSE;
   return $ldap_user;
 }
 
diff --git a/ldap_user/ldap_user.module b/ldap_user/ldap_user.module
index c1ac634..1eaa7bc 100644
--- a/ldap_user/ldap_user.module
+++ b/ldap_user/ldap_user.module
@@ -891,7 +891,8 @@ function ldap_user_user_login(&$edit, $account) {
     if ($ldap_user_conf->provisionsDrupalAccountsFromLdap && in_array(LDAP_USER_EVENT_SYNCH_TO_DRUPAL_USER, array_keys($ldap_user_conf->provisionsDrupalEvents))) {
       $ldap_user = ldap_servers_get_user_ldap_data($account->name, $ldap_user_conf->drupalAcctProvisionServer, 'ldap_user_prov_to_drupal');
       if ($ldap_user) {
-        $ldap_server = ldap_servers_get_servers($ldap_user_conf->drupalAcctProvisionServer, NULL, TRUE);
+      	$sid = $ldap_user_conf->drupalAcctProvisionServer == LDAP_USER_AUTH_SERVER_SID ? $ldap_user['sid'] : $ldap_user_conf->drupalAcctProvisionServer;
+        $ldap_server = ldap_servers_get_servers($sid, NULL, TRUE);
         $ldap_user_conf->entryToUserEdit($ldap_user, $user_edit, $ldap_server, LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER, array(LDAP_USER_EVENT_SYNCH_TO_DRUPAL_USER));
         if (empty($account->picture->fid)) { // see #1973352 and #935592
           $account2 = user_load($account->uid);
