LDAP Authorization: Roles not updated, authorization test fails,duplicate entries in ldap_authorization

I had an earlier LDAP beta (7?) running on this Drupal 7.12 host using SSO and role mapping (using strategy II.C) and filtering worked great once I worked around the tiny bug John spotted in this issue:

LDAP Authorization: Duplicate entry in db after updating configuration

http://drupal.org/node/1468990

Just today I configured most recent beta 10 on an updated test version of the same. I disabled LDAP modules, dropped the ldap_servers and ldap_authorization tables before replacing earlier beta with beta 10 (See: "Did I miss something?" below*), and now I experience failures that mirror both the previously noted issue and this other issue:

LDAP Authorization: Roles not being granted

http://drupal.org/node/1280798

The situation: LDAP server config and test looks great. LDAP authentication with SSO also seems fine. New SSO-authed visitors have accounts automatically created with no problems. However, no roles are added to users_roles when those new users sign on, nor are any new role assignments added for existing users.

I observe the following:

If I run authorization test with single user then the column for AUTHORIZATION IDS is empty, but no warnings are displayed and watchdog shows:

LdapAuthorizationConsumerAbstract grantsAndRevokes() method log. action=grant:
%consumer_ids_log

If I run test with "10 random users", AUTHORIZATION IDS column is empty save for
note about admin account ("not applicable") and I see 2 identical warnings:

Notice: Undefined index: drupal_role in ldap_authorization_test_form_submit() (line 143 of /var/www/html/sites/all/modules/ldap/ldap_authorization/ldap_authorization.admin.test.inc).

and I see no message logged in watchdog for ldap_authorization.

Configuration options for cn/dn have expanded in this recent version and I tried different values with same result. Attached is my HTML config file and I have edited it in a couple of places to show that I tried different values. Note: I don't see a value in help/html output for "Attribute holding the previous list of values. e.g. cn, dn" (derive_from_entry_entries_attr) but I tried cn and dn.

I get the sense that I may be missing something with respect to new, more explicit configuration options. In the course of looking at the actual content of ldap_authorization table, though, I decided to file this as a bug report as the behavior has re-emerged where duplicate entries are made in that table (I checked and see no regression from the fix John made in that first, related issue.

I had built an active filter whitelist in the simple form of groupname|groupname and that was working in previous beta. I disabled filter to see if behavior would change, buty it did not -- groups were not updated.

Apologies for verbosity, but wanted to be complete.

Jim

---

*Did I miss something? My first attempt to configure beta 10 failed with an error I neglected to note. So I simply dropped those 2 tables and replaced the LDAP module/s. Is there any configuration anywhere else that could be borken?