So I wanted to grant permissions for users by virtue of their org unit membership.
Using the group by DN method works, but doesn't allow me to be specific enough.
For example the following DN:
uid=joe,ou=admin,ou=org1,ou=People,dc=example,dc=com
If I set the group by DN setting to use "ou" for grouping, I would get the groups:
admin
org1
People
But if another user comes along with this DN:
uid=joe,ou=admin,ou=org2,ou=People,dc=example,dc=com
They would have these groups:
admin
org2
People
Which poses a problem, because I want to assign a role to the "admins" in group1 but not the admins in group2.
Because I'm not dealing with actual "group" memberships here but OU membership, I can't specify the DN of the org unit in the permission mapping. I can only specify the name of an individual org unit.
So, my work-around:
ldapgroups.inc Line 104

    // Strategy 1: group extracted from user's DN.
    $dn_groups = array();
    if (_ldapgroups_ldap_info($user, 'ldapgroups_in_dn')) {
      $pairs = explode(',', $user->ldap_dn);
      foreach ($pairs as $p) {
        $pair = explode('=', $p);
        if (drupal_strtolower(trim($pair[0])) == drupal_strtolower(_ldapgroups_ldap_info($user, 'ldapgroups_dn_attribute')))
          $dn_groups[] = trim($pair[1]);
      }
      // NEW BIT: add groups based on org unit memberships in the user DN
      while (array_shift($pairs) && count($pairs)) {
        $dn_groups[] = implode(',', $pairs);
      }
    }

The results are that the user then has the following groups available for mapping:
ou=admin,ou=org2,ou=People,dc=example,dc=com
ou=org2,ou=People,dc=example,dc=com
ou=People,dc=example,dc=com
dc=example,dc=com
dc=com
Which is really, really handy for mapping based on org unit memberships.
I'm not sure if this change is suitable for release in the module, but it's food for thought at least.
-TH
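
A stricter variant of the ancestor-DN grouping from the post above, as an added example that is not part of the original post or of the ldapgroups module: it keeps backslash-escaped commas inside an RDN value, ignores DNs outside a configured base, and stops at that base so directory-wide entries such as dc=com never become mappable groups. The function names and the base DN parameter are assumptions made for this illustration.

```php
<?php
// Added example; function names are hypothetical, not ldapgroups API.

// Split a DN into RDNs, keeping backslash-escaped commas inside a value.
function example_split_dn($dn) {
  $rdns = array();
  $current = '';
  $len = strlen($dn);
  for ($i = 0; $i < $len; $i++) {
    $ch = $dn[$i];
    if ($ch === '\\' && $i + 1 < $len) {
      // Copy the escape and the escaped character as one unit.
      $current .= $ch . $dn[$i + 1];
      $i++;
    }
    elseif ($ch === ',') {
      $rdns[] = trim($current);
      $current = '';
    }
    else {
      $current .= $ch;
    }
  }
  $rdns[] = trim($current);
  return $rdns;
}

// Containers of $user_dn strictly below $base_dn (assumed to be configured
// by the site admin). A DN outside the base yields no groups at all.
function example_ancestor_groups($user_dn, $base_dn) {
  $rdns = example_split_dn($user_dn);
  $base = example_split_dn($base_dn);
  $depth = count($rdns) - count($base);
  // Need the user's own RDN plus at least one container below the base.
  if ($depth < 2) {
    return array();
  }
  $suffix = implode(',', array_slice($rdns, $depth));
  if (strcasecmp($suffix, implode(',', $base)) !== 0) {
    return array();
  }
  $groups = array();
  // Start at 1 to skip the user's own RDN (uid=...).
  for ($i = 1; $i < $depth; $i++) {
    $groups[] = implode(',', array_slice($rdns, $i));
  }
  return $groups;
}

// Constructed sample DNs, modelled on the ones in the post.
$base = 'dc=example,dc=com';
print_r(example_ancestor_groups('uid=joe,ou=admin,ou=org1,ou=People,dc=example,dc=com', $base));
print_r(example_ancestor_groups('cn=Doe\, Joe, ou=admin, ou=org2, ou=People, dc=example, dc=com', $base));
```
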
Comments
Comment #1
cgmonroe commented
The latest -dev version contains a new hook, hook_ldap_user_groups_alter, that can be used to support this via some 3rd party module code. The sample code in the ldapgroups.api.php docs shows how to do something like this.
For details see: #1475272: 6.x-1.0 Release Candidate 1 Status