Index: extended_ldapgroups/extended_ldapgroups.module
===================================================================
--- extended_ldapgroups/extended_ldapgroups.module	(revision 1004)
+++ extended_ldapgroups/extended_ldapgroups.module	(working copy)
@@ -103,6 +103,27 @@
   }
 }
 
+/**
+ * Maps Drupal role to LDAP group.
+ *
+ * @param $server
+ *   A server object, es returned by _ldapprov_get_server();
+ * @param $role
+ *   A Drupal role name.
+ *
+ * @return
+ *   Name of the corresponding LDAP group.
+ */
+function extended_ldapgroups_role_mapping($server, $role) {
+  $ldapgroups_mappings = _ldapgroups_ldap_info($server->sid, 'ldapgroups_mappings');
+  foreach ($ldapgroups_mappings as $dn => $d_role) {
+    if (strcasecmp($role, $d_role) == 0) {
+      return $dn;
+    }
+  }
+  return FALSE;
+}
+
 function extended_ladpgroups_add_group_membership($user_account, $roles_added) {
   // The global LDAP connection object
   global $_ldapprov_ldap;
@@ -133,9 +154,18 @@
         $entries = _ldapgroups_ldap_info($server->sid, 'ldapgroups_entries');
         if(!empty($entries)) {
           foreach($entries as $dn) {
-            $search_for = LDAPGROUPS_DEFAULT_DN_ATTR.'='.$role->name;
-            $group_dn = $search_for.','.$dn;
-            $user_dn = $server->user_attr.'='.$user_account->name.','.$server->basedn;
+            $group_dn = extended_ldapgroups_role_mapping($server, $role->name);
+            $parts = explode(",", $group_dn);
+            $search_for = $parts[0];
+            if (!$group_dn) {
+              watchdog('extended_ldapgroups', 'No mapping for role "' . $role->name . '" defined.', WATCHDOG_ERROR);
+              continue;
+            }
+            $basedns = explode("\n", $server->basedn);
+            if (count($basedns) > 1) {
+              watchdog('extended_ldapgroups', 'more than one base_dn stored, only first one (' . $basedns[0] . ') will be used');
+            }
+            $user_dn = $server->user_attr.'='.$user_account->name.','.$basedns[0];
             // Does the role exist as a group in LDAP?
             $ldap_search_results = $_ldapprov_ldap->search($dn,$search_for);
             $ldapgroup_attr = _ldapgroups_ldap_info($server->sid, 'ldapgroups_entries_attribute');
@@ -207,9 +237,18 @@
         $entries = _ldapgroups_ldap_info($server->sid, 'ldapgroups_entries');
         if(!empty($entries)) {
           foreach($entries as $dn) {
-            $search_for = LDAPGROUPS_DEFAULT_DN_ATTR.'='.$role->name;
-            $group_dn = $search_for.','.$dn;
-            $user_dn = $server->user_attr.'='.$user_account->name.','.$server->basedn;
+            $group_dn = extended_ldapgroups_role_mapping($server, $role->name);
+            $parts = explode(",", $group_dn);
+            $search_for = $parts[0];
+            if (!$group_dn) {
+              watchdog('extended_ldapgroups', 'No mapping for role "' . $role->name . '" defined.', WATCHDOG_ERROR);
+              continue;
+            }
+            $basedns = explode("\n", $server->basedn);
+            if (count($basedns) > 1) {
+              watchdog('extended_ldapgroups', 'more than one base_dn stored, only first one (' . $basedns[0] . ') will be used');
+            }
+            $user_dn = $server->user_attr.'='.$user_account->name.','.$basedns[0];
             // Does the role exist as a group in LDAP?
             $ldap_search_results = $_ldapprov_ldap->search($dn,$search_for);
             $ldapgroup_attr = _ldapgroups_ldap_info($server->sid, 'ldapgroups_entries_attribute');