--- mantis-orig/core/config_defaults_inc.php 2008-06-05 17:18:24.000000000 -0700
+++ mantis-orig/core/config_defaults_inc.php 2008-06-05 17:19:16.000000000 -0700
@@ -798,6 +798,8 @@
 $g_ldap_organization = ''; # e.g. '(organizationname=*Traffic)'
 $g_ldap_uid_field = 'uid'; # Use 'sAMAccountName' for Active Directory
 $g_ldap_bind_dn = '';
+ $g_ldap_role_field = '';
+ $g_ldap_role = '';
 $g_ldap_bind_passwd = '';
 $g_use_ldap_email = OFF; # Should we send to the LDAP email address or what MySql tells us
--- mantis-orig/core/ldap_api.php 2008-06-05 17:20:59.000000000 -0700
+++ mantis/core/ldap_api.php 2008-06-05 17:16:05.000000000 -0700
@@ -114,7 +114,11 @@
 $t_username = user_get_field( $p_user_id, 'username' );
 $t_ldap_uid_field = config_get( 'ldap_uid_field', 'uid' ) ;
- $t_search_filter = "(&$t_ldap_organization($t_ldap_uid_field=$t_username))";
+ $t_ldap_role_field = config_get( 'ldap_role_field', '' ) ;
+ $t_ldap_role = config_get( 'ldap_role', '' ) ;
+ $t_search_filter = "(&$t_ldap_organization($t_ldap_uid_field=$t_username)";
+ if ($t_ldap_role_field !== '')
+ $t_search_filter .= "($t_ldap_role_field=*$t_ldap_role*)"; $t_search_filter .= ")";
 $t_search_attrs = array( $t_ldap_uid_field, 'dn' );
 $t_ds = ldap_connect_bind();
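Review bot: The two new options `$g_ldap_role_field` and `$g_ldap_role` are added without comments, unlike the neighbouring LDAP settings, so nothing here tells an administrator that they restrict which directory entries the LDAP lookup accepts. I would add something like `# LDAP attribute holding the user's role/group; leave empty to disable the role check` and `# Value that attribute must contain (matched as a substring in core/ldap_api.php)`. Placing them between `$g_ldap_bind_dn` and `$g_ldap_bind_passwd` also splits the bind credential pair; putting them after `$g_ldap_bind_passwd` would read better.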
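Review bot: The role clause appended to `$t_search_filter` is a substring match (`=*$t_ldap_role*`), so a configured role is also satisfied by any attribute value that merely contains that text; if this filter is meant to gate access, an exact match such as `$t_search_filter .= "($t_ldap_role_field=$t_ldap_role)";` is safer, with any wildcard left to the administrator's config value. `$t_username` is still interpolated into the filter unescaped, as it was before this change, and now that the filter carries an access restriction any filter metacharacters in that value could alter its structure; it should be escaped per RFC 4515, e.g. `ldap_escape( $t_username, '', LDAP_ESCAPE_FILTER )` where the PHP version provides it. The guard should also require a non-empty role, `if ( $t_ldap_role_field !== '' && $t_ldap_role !== '' )`, since a set field with an empty role produces a `=**` clause. The enclosing function starts and ends outside the hunk.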