I'm trying to migrate a working Drupal 6 LDAP configuration to Drupal 7 using the LDAP module. The LDAP role to Drupal role mapping wasn't working correctly.

In Drupal 6, the LDAP logs show a search of the format
SRCH base="ou=Groups,dc=example,dc=org" scope=2 filter="(uniqueMember=uid=user,ou=Users,dc=example,dc=org)" attrs="uniqueMember"

In Drupal 7, there was an extra &(objectClass=groups) being added at the start of the filter, per the server configuration's suggestion that groups might be a good thing to try. Setting groups blank still left an empty &(objectClass=) at the start, which didn't work. I put in a test for blank in the LdapServer.class.php file:

1684,1689c1684
if ($this->groupObjectClass == '') {
  $group_query = '(' . $this->groupMembershipsAttr . "=$member_value)";
}
else {
  $group_query = '(&(objectClass=' . $this->groupObjectClass . ')(' . $this->groupMembershipsAttr . "=$member_value))";
}
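Review bot: in both branches of the new conditional, `$member_value` is interpolated straight into the filter string (`"=$member_value)"`) with no RFC 4515 escaping, so a DN containing `(`, `)`, `*` or `\` will alter the filter rather than be matched literally; consider escaping it before concatenation (on PHP 5.6+ `ldap_escape($member_value, '', LDAP_ESCAPE_FILTER)` does this). The blank check `$this->groupObjectClass == ''` also misses a value that is only whitespace, which would still produce the broken `(&(objectClass=   )...)` form; `trim($this->groupObjectClass) === ''` covers that case.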

and groups now populate. I'm not sure where else this should be applied, or even if this is the best approach or whether it will blow up some other function, but it did seem to work in the test cases and no other combination would.

Our LDAP configuration is like
dn: uid=some_user,ou=Users,dc=example,dc=org

dn: cn=moderators,ou=Groups,dc=example,dc=org
ou: groups
cn: moderators
uniqueMember: uid=some_user,ou=Users,dc=automation,dc=net

I wasn't able to download the latest dev snapshot to test, so I don't know whether or not an empty groupMembershipsAttr is now tested for, but this at least comes a step closer to replicating what worked in Drupal 6 and I thought I'd pass it along.
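As an added illustration of the filter construction discussed above (this is example code, not the ldap module's own code nor the poster's patch), the function below builds the group-membership filter with and without a configured group object class, and additionally escapes the member DN per RFC 4515 so a DN containing `(`, `)`, `*` or `\` cannot change the meaning of the filter. The function and parameter names (`build_group_membership_filter`, `$groupObjectClass`, `$membershipAttr`, `$memberDn`) are assumptions for the example; the sample DN is constructed to match the entries in the post.

```php
<?php
// Added example, not code from the ldap module or from the issue's patch.
// Function and parameter names below are invented for illustration.

/**
 * Escape a value for use inside an LDAP search filter (RFC 4515 section 3).
 * The characters \ * ( ) and NUL are replaced by \XX hex escapes.
 */
function ldap_escape_filter_value($value) {
  $replacements = array(
    "\\"   => '\5c',
    '*'    => '\2a',
    '('    => '\28',
    ')'    => '\29',
    "\x00" => '\00',
  );
  return strtr((string) $value, $replacements);
}

/**
 * Build the filter used to find the groups a member DN belongs to.
 *
 * When no group object class is configured (empty or whitespace-only), the
 * filter is just "(<attr>=<dn>)", the form the Drupal 6 logs in the post
 * show. Otherwise it is wrapped in an AND with the objectClass clause.
 * Emitting "(&(objectClass=)(...))" for a blank class, the behaviour the
 * issue describes, is avoided because such a filter matches nothing.
 *
 * $groupObjectClass is treated as trusted admin configuration; the member DN
 * is escaped because it comes from directory data.
 */
function build_group_membership_filter($groupObjectClass, $membershipAttr, $memberDn) {
  $clause = '(' . $membershipAttr . '=' . ldap_escape_filter_value($memberDn) . ')';

  if (trim((string) $groupObjectClass) === '') {
    return $clause;
  }
  return '(&(objectClass=' . $groupObjectClass . ')' . $clause . ')';
}

// Constructed sample input matching the DN layout in the issue.
$memberDn = 'uid=some_user,ou=Users,dc=example,dc=org';

// Blank object class: Drupal 6 style filter.
echo build_group_membership_filter('', 'uniqueMember', $memberDn), "\n";

// Configured object class: ANDed filter.
echo build_group_membership_filter('groupOfUniqueNames', 'uniqueMember', $memberDn), "\n";

// A hostile member value: the parentheses and wildcard are escaped rather
// than becoming filter syntax.
echo build_group_membership_filter('', 'uniqueMember', 'cn=a)(cn=*'), "\n";
```

The first call reproduces the `(uniqueMember=uid=...,ou=Users,dc=example,dc=org)` shape seen in the Drupal 6 log; the second shows the `(&(objectClass=...)(uniqueMember=...))` shape Drupal 7 emits when a class is configured; the third shows why the escaping matters, since without it the closing parenthesis and `*` in the member value would be interpreted as part of the filter.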

Comments

william haller

Forgot to edit dc=automation,dc=net to dc=example,dc=org in the last line of the schema to eliminate the rest of our in-house domain and match the format that others seem to be using. Sorry about that.

johnbarclay

Version: 7.x-2.0-beta5 » 7.x-2.x-dev

So did #1 fix the problem?

william haller

I have had no problems with login authentication and role selection using this patch. We don't push any information back to LDAP, though, so I'm not sure whether there would be issues for anyone else or where else a similar patch may be needed.

johnbarclay

Title: LDAP Role to Drupal Role » LDAP Server: LDAP Role to Drupal Role Query assumes group object class exists.
Status: Active » Fixed

Thanks. This is committed.

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.