Has any thought been put into expanding the search to allow for child containers? For example, some Active Directory models use OU to organize users so using a singular base dn fails. There might be a generic “Users” container with two child OUs of “Power Users” and “Normal Users”. Specifying the Users container as the base DSN will leave out anyone in Power or Normal users.
A means to allow this would be to add a checkbox to the settings page with something along the lines of “Search child containers” which would cause the internal query to include child objects. For PHP, its a matter of adding ldap_set_option($connect, LDAP_OPT_REFERRALS, 0); after the connect and before the bind.