Hi! In my tests I couldn't use posixGroups, even changing the ldap.group.object configuration. The query is always in the format:
(&(objectClass=inetOrgPerson)(uid=userone)(|(memberOf=cn=groupaccount1,ou=groups,dc=domain))) Looking for the memberOf attribute in the user entity is the problem. I'm using inetOrgPerson and no memberOf attribute exists. The only way I found to make this configuration work was to enable the RFC2307bis schema (replacing NIS schema), so my groups could be made of type posixGroup AND groupOfNames. This RFC permits that groups can be of these two types. Then, I had to enable the LDAP "overlay module" with member: attribute to keep referential integrity between groups and users. Groups now have the member: attribute synchronized with users memberOf: attribute. With these changes my LDAP server can answer queries with memberOf= filters. To Cloustack work with posixGroups I think the code should make different queries when the administrator configures ldap.group.object: posixGroup, not using memberOf. Thank you! :) -- __________________________ Aviso de confidencialidade Esta mensagem da Empresa Brasileira de Pesquisa Agropecuaria (Embrapa), empresa publica federal regida pelo disposto na Lei Federal no. 5.851, de 7 de dezembro de 1972, e enviada exclusivamente a seu destinatario e pode conter informacoes confidenciais, protegidas por sigilo profissional. Sua utilizacao desautorizada e ilegal e sujeita o infrator as penas da lei. Se voce a recebeu indevidamente, queira, por gentileza, reenvia-la ao emitente, esclarecendo o equivoco. Confidentiality note This message from Empresa Brasileira de Pesquisa Agropecuaria (Embrapa), a government company established under Brazilian law (5.851/72), is directed exclusively to its addressee and may contain confidential data, protected under professional secrecy rules. Its unauthorized use is illegal and may subject the transgressor to the law's penalties. If you are not the addressee, please send it back, elucidating the failure.