Index: jldap/src/java/edu/amc/sakai/user/SimpleLdapAttributeMapper.java
===================================================================
--- jldap/src/java/edu/amc/sakai/user/SimpleLdapAttributeMapper.java	(revision 308434)
+++ jldap/src/java/edu/amc/sakai/user/SimpleLdapAttributeMapper.java	(working copy)
@@ -172,6 +172,12 @@
 		}
 	}
 
+	public String getFindUserByAidFilter(String aid) {
+		String eidAttr = 
+			attributeMappings.get(AttributeMappingConstants.AUTHENTICATION_ATTR_MAPPING_KEY);
+		return eidAttr + "=" + escapeSearchFilterTerm(aid);
+	}
+
 	/**
 	 * Performs {@link LDAPEntry}-to-{@Link LdapUserData} attribute
      * mappings. Assigns the given {@link LDAPEntry}'s DN to the
Index: jldap/src/java/edu/amc/sakai/user/LdapAttributeMapper.java
===================================================================
--- jldap/src/java/edu/amc/sakai/user/LdapAttributeMapper.java	(revision 308434)
+++ jldap/src/java/edu/amc/sakai/user/LdapAttributeMapper.java	(working copy)
@@ -63,6 +63,14 @@
 	public String getFindUserByEidFilter(String eid);
 
 	/**
+	 * Output a filter string for searching the directory with
+	 * the specified user aid as a key.
+	 * @param aid a user authentication id.
+	 * @return an LDAP search filter
+	 */
+	public String getFindUserByAidFilter(String aid);
+	
+	/**
 	 * Maps attribites from the specified <code>LDAPEntry</code> onto
 	 * a {@link LdapUserData}.
 	 * 
Index: jldap/src/java/edu/amc/sakai/user/AttributeMappingConstants.java
===================================================================
--- jldap/src/java/edu/amc/sakai/user/AttributeMappingConstants.java	(revision 308434)
+++ jldap/src/java/edu/amc/sakai/user/AttributeMappingConstants.java	(working copy)
@@ -38,6 +38,11 @@
 	public static final String LOGIN_ATTR_MAPPING_KEY = "login";
 	
 	/** Key into {@link #DEFAULT_ATTR_MAPPINGS} representing the logical
+	 * name of a user entry's authentication (aka Sakai "AID") attribute
+	 */
+	public static final String AUTHENTICATION_ATTR_MAPPING_KEY = "aid";
+	
+	/** Key into {@link #DEFAULT_ATTR_MAPPINGS} representing the logical
 	 * name of a user entry's given name attribute
 	 */
 	public static final String FIRST_NAME_ATTR_MAPPING_KEY = "firstName";
@@ -68,6 +73,11 @@
 	public static final String DEFAULT_LOGIN_ATTR = "cn";
 	
 	/** Default value in {@link #DEFAULT_ATTR_MAPPINGS} representing
+	 * the physical name of a user entry's authentication (aka Sakai "AID") attribute
+	 */
+	public static final String DEFAULT_AUTHENTICATION_ATTR = "dn";
+	
+	/** Default value in {@link #DEFAULT_ATTR_MAPPINGS} representing
 	 * the physical name of a user entry's given name attribute
 	 */
 	public static final String DEFAULT_FIRST_NAME_ATTR = "givenName";
@@ -102,6 +112,7 @@
 	static {
 		
 		DEFAULT_ATTR_MAPPINGS.put(LOGIN_ATTR_MAPPING_KEY, DEFAULT_LOGIN_ATTR);
+		DEFAULT_ATTR_MAPPINGS.put(AUTHENTICATION_ATTR_MAPPING_KEY, DEFAULT_AUTHENTICATION_ATTR);
 		DEFAULT_ATTR_MAPPINGS.put(FIRST_NAME_ATTR_MAPPING_KEY, DEFAULT_FIRST_NAME_ATTR);
 		DEFAULT_ATTR_MAPPINGS.put(PREFERRED_FIRST_NAME_ATTR_MAPPING_KEY, DEFAULT_PREFERRED_FIRST_NAME_ATTR);
 		DEFAULT_ATTR_MAPPINGS.put(LAST_NAME_ATTR_MAPPING_KEY, DEFAULT_LAST_NAME_ATTR);
Index: jldap/src/java/edu/amc/sakai/user/LdapConnectionManagerConfig.java
===================================================================
--- jldap/src/java/edu/amc/sakai/user/LdapConnectionManagerConfig.java	(revision 308434)
+++ jldap/src/java/edu/amc/sakai/user/LdapConnectionManagerConfig.java	(working copy)
@@ -233,4 +233,9 @@
 	 * @param maxResultSize The maximum number of results to ever get back from LDAP.
 	 */
 	public void setMaxResultSize(int maxResultSize);
+
+	/**
+	 * @param enable If <code>true</code> then perform searches for users by Authentication ID.
+	 */
+	public void setEnableAid(boolean enable);
 }
Index: jldap/src/java/edu/amc/sakai/user/JLDAPDirectoryProvider.java
===================================================================
--- jldap/src/java/edu/amc/sakai/user/JLDAPDirectoryProvider.java	(revision 308434)
+++ jldap/src/java/edu/amc/sakai/user/JLDAPDirectoryProvider.java	(working copy)
@@ -32,6 +32,7 @@
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.sakaiproject.user.api.ExternalUserSearchUDP;
+import org.sakaiproject.user.api.AuthenticationIdUDP;
 import org.sakaiproject.user.api.User;
 import org.sakaiproject.user.api.UserDirectoryProvider;
 import org.sakaiproject.user.api.UserEdit;
@@ -57,7 +58,7 @@
  * @author David Ross, Albany Medical College
  * @author Rishi Pande, Virginia Tech
  */
-public class JLDAPDirectoryProvider implements UserDirectoryProvider, LdapConnectionManagerConfig, ExternalUserSearchUDP, UsersShareEmailUDP
+public class JLDAPDirectoryProvider implements UserDirectoryProvider, LdapConnectionManagerConfig, ExternalUserSearchUDP, AuthenticationIdUDP, UsersShareEmailUDP
 {
 	/** Default LDAP connection port */
 	public static final int DEFAULT_LDAP_PORT = 389;
@@ -158,6 +159,9 @@
 	
 	private int searchScope = DEFAULT_SEARCH_SCOPE;
 
+	/** Should the provider support searching by Authentication ID */
+	private boolean enableAid = false;
+
 	/** 
 	 * User entry attribute mappings. Keys are logical attr names,
 	 * values are physical attr names.
@@ -581,6 +585,34 @@
 
 	}
 
+	public boolean getUserbyAid(String aid, UserEdit user)
+	{
+		// Only do search if we're enabled.
+		if (!(enableAid)) {
+			return false;
+		}
+		LdapUserData foundUserData = getUserByAid(aid, null);
+		if ( foundUserData == null ) {
+			return false;
+		}
+		if ( user != null ) {
+			mapUserDataOntoUserEdit(foundUserData, user);
+		}
+		return true;
+	}
+
+	public LdapUserData getUserByAid(String aid, LDAPConnection conn) {
+		String filter = ldapAttributeMapper.getFindUserByAidFilter(aid);
+		LdapUserData mappedEntry = null;
+		try {
+			mappedEntry = (LdapUserData) searchDirectoryForSingleEntry(filter,
+					conn, null, null, null);
+		} catch (LDAPException e) {
+			M_log.error("Failed to find user for AID: " + aid, e);
+		}
+		return mappedEntry;
+	}
+
 	/**
 	 * Similar to iterating over <code>users</code> passing
 	 * each element to {@link #getUser(UserEdit)}, removing the
@@ -817,7 +849,13 @@
 					"][reusing conn = " + (conn != null) + "]");
 		}
 
-		LdapUserData foundUserData = getUserByEid(eid, conn);
+		LdapUserData foundUserData;
+		if (enableAid) {
+			foundUserData = getUserByAid(eid, conn);
+		} else {
+			foundUserData = getUserByEid(eid, conn);
+		}
+
 		if ( foundUserData == null ) {
 			if ( M_log.isDebugEnabled() ) {
 				M_log.debug("lookupUserEntryDN(): no directory entried found [eid = " + 
@@ -1344,6 +1382,13 @@
 	/**
 	 * {@inheritDoc}
 	 */
+	public void setEnableAid(boolean enableAid) {
+		this.enableAid = enableAid;
+	}
+
+	/**
+	 * {@inheritDoc}
+	 */
 	public int getMaxResultSize() {
 		return maxResultSize;
 	}
Index: component/src/webapp/WEB-INF/jldap-beans.xml
===================================================================
--- component/src/webapp/WEB-INF/jldap-beans.xml	(revision 308434)
+++ component/src/webapp/WEB-INF/jldap-beans.xml	(working copy)
@@ -154,6 +154,13 @@
 		<!-- property name="maxResultSize">
 		  <value>1000</value>
 		</property -->
+
+		<!-- Optional. Require a different ID for login. This allows you to have one ID for logins
+		     and another EID which is used when looking up course/group information.
+		     Defaults to false -->
+		<!-- property name="enableAid">
+		  <value>true</value>
+		</property -->
 		
 		<!-- Optional. Defaults to an instance of 
 		edu.amc.sakai.user.SimpleLdapAttributeMapper -->