I wanted to let you know that I looked at your code as it was provided and I was able to adapt it to get authorization based on group membership in our AD. While I still also want to get this to work with our OID, getting it to work with the AD was what I thought would have been harder vs the OID.
Long story made short, I just wanted to thank you for your code and the time you took to post it and explain it.
R. Otto R. Wessels
P.S. There are two areas in that code where it is missing it's operators. One place needed a != and the other needed an =. Once I finally got that figured out the code worked perfectly for me.