diff --git a/auth/ldap/auth.php b/auth/ldap/auth.php
index 26de941c54a..79ec8a74929 100644
--- a/auth/ldap/auth.php
+++ b/auth/ldap/auth.php
@@ -866,14 +866,15 @@ class auth_plugin_ldap extends auth_plugin_base {
                     if (!empty($this->config->forcechangepassword)) {
                         set_user_preference('auth_forcepasswordchange', 1, $id);
                     }
+
+                    // Add course creators if needed
+                    if ($creatorrole !== false and $this->iscreator($user->username)) {
+                        role_assign($creatorrole->id, $id, $sitecontext->id, $this->roleauth);
+                    }
                 } else {
                     echo "\t"; print_string('auth_dbinsertusererror', 'auth_db', $user->username); echo "\n";
                 }
 
-                // Add course creators if needed
-                if ($creatorrole !== false and $this->iscreator($user->username)) {
-                    role_assign($creatorrole->id, $user->id, $sitecontext->id, $this->roleauth);
-                }
             }
             $transaction->allow_commit();
             unset($add_users); // free mem
diff --git a/lib/ldaplib.php b/lib/ldaplib.php
index c2333f54776..f1d048ec041 100644
--- a/lib/ldaplib.php
+++ b/lib/ldaplib.php
@@ -125,7 +125,7 @@ function ldap_isgroupmember($ldapconnection, $userid, $group_dns, $member_attrib
         // Check cheaply if the user's DN sits in a subtree of the
         // "group" DN provided. Granted, this isn't a proper LDAP
         // group, but it's a popular usage.
-        if (stripos(strrev($userid), strrev($group)) === 0) {
+        if (stripos(strrev(strtolower($userid)), strrev(strtolower($group))) === 0) {
             $result = true;
             break;
         }