diff -ru ldap.orig/ldap_authorization/ldap_authorization.inc ldap/ldap_authorization/ldap_authorization.inc
--- ldap.orig/ldap_authorization/ldap_authorization.inc	2012-05-14 14:47:47.000000000 -0500
+++ ldap/ldap_authorization/ldap_authorization.inc	2012-05-17 12:45:17.577663219 -0500
@@ -181,7 +181,7 @@
     if ($detailed_watchdog_log || $debug) {
       $_proposed_ldap_authorizations_pre_hook_maps_alter = is_array($proposed_ldap_authorizations) ? $proposed_ldap_authorizations : array();
       $watchdog_tokens['%proposed_authorizations_pre_hook'] = join(', ', $_proposed_ldap_authorizations_pre_hook_maps_alter);
-      watchdog('ldap_authorization', '%username : initial proposed authorization brefore mapps_alter_invoke %consumer_type: %proposed_authorizations_pre_hook.',
+      watchdog('ldap_authorization', '%username : initial proposed authorization before maps_alter_invoke %consumer_type: %proposed_authorizations_pre_hook.',
         $watchdog_tokens, WATCHDOG_DEBUG);
     }
 
@@ -470,7 +470,7 @@
         }
       }
     }
-    elseif (isset($user_ldap_entry[$consumer_conf->deriveFromEntryAttrMatchingUserAttr])) {
+    elseif (isset($user_ldap_entry[$consumer_conf->deriveFromEntryAttrMatchingUserAttr]) || isset($user_ldap_entry['attr'][$consumer_conf->deriveFromEntryAttrMatchingUserAttr])) {
       // $derive_from_entries_entries, $derive_from_entry_attr, $derive_from_entry_user_ldap_attr, $user_ldap_entry, $nested = FALSE
       $derive_from_entry_authorizations = $ldap_server->deriveFromEntryGroups(
         $consumer_conf->deriveFromEntryEntries,
diff -ru ldap.orig/ldap_servers/LdapServer.class.php ldap/ldap_servers/LdapServer.class.php
--- ldap.orig/ldap_servers/LdapServer.class.php	2012-05-14 14:47:47.000000000 -0500
+++ ldap/ldap_servers/LdapServer.class.php	2012-05-16 17:07:24.030140618 -0500
@@ -708,7 +708,7 @@
   public function deriveFromEntryGroups($entries, $entries_attr, $membership_attr, $user_ldap_attr, $user_ldap_entry, $nested = FALSE) {
 
     $authorizations = array();
-    $matching_user_value = ($user_ldap_attr == 'dn') ? $user_ldap_entry['dn'] : $user_ldap_entry[$user_ldap_attr][0];
+    $matching_user_value = ($user_ldap_attr == 'dn') ? $user_ldap_entry['dn'] : $user_ldap_entry['attr'][$user_ldap_attr][0];
     $filter  = "(|\n    ($entries_attr=" . join(")\n    ($entries_attr=", $entries) . ")\n)";
     if (!$nested) {
       $filter =  "(&\n  $filter  \n  (" . $membership_attr . "=" .  $matching_user_value . ")  \n)";