Redirect to Main page whenever wp-login.php is called on subdomain

I'm struggling with an Active Directory Integration plugin that doesn't want to play nice with Multisite (you can see the discussion here).

When users log in from the main domain everything works seamlessly. The buddybar appears; all your blogs are accessible via that bar, etc. But if you log out from a subdomain, i.e. myblog.domain.com, the resulting wp-login.php page (myblog.domain.com/wp-login.php) doesn't allow you to log back in, because the LDAP credentials aren't being "network enabled" properly. This also applies if the user has added a Meta widget to allow for login from the sidebar.

As a possible stop-gap measure, while I explore other options, I want to add this code:

if ($_SERVER['REQUEST_URI'] != "/wp-login.php") {
    wp_redirect('http://'.$_SERVER['HTTP_HOST'].'/wp-login.php');
    exit; // wp_redirect() only sends the Location header; stop execution here
}

as suggested in the linked forum, but I'm not sure where to put it. Does it need to be in the functions.php file of every theme on the network (there are a few)? Is there a way to use the mu-plugin folder to run this site-wide?
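
One way to run this network-wide from a must-use plugin, as an added example that is not part of the original post or the linked forum thread. The file name is hypothetical, and the sketch assumes the login form on the main site is the one that works; it takes the redirect target from the stored network URL rather than from the request's Host header.

```php
<?php
/**
 * Added example, not from the original post.
 * Hypothetical file: wp-content/mu-plugins/login-on-main-site.php
 * Files in wp-content/mu-plugins load on every site of the network,
 * independent of the active theme, so no functions.php edits are needed.
 */

add_action( 'login_init', function () {
    // Nothing to do on single-site installs or on the main site itself.
    if ( ! is_multisite() || is_main_site() ) {
        return;
    }

    // Only the plain login screen is redirected. Logout, lost password
    // and other wp-login.php actions keep running on the site they hit.
    $action = isset( $_REQUEST['action'] ) ? sanitize_key( $_REQUEST['action'] ) : 'login';
    if ( 'login' !== $action ) {
        return;
    }

    // network_site_url() is built from the network's stored domain and path,
    // so a client-supplied Host header cannot change the destination.
    wp_redirect( network_site_url( 'wp-login.php', 'login' ) );
    exit; // wp_redirect() does not stop execution on its own.
} );
```

Because the hook fires inside wp-login.php itself, it also covers the login link rendered by a sidebar Meta widget on a subsite.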