Hi, I have LDAP with rfc2307bis schema - I have posixGroup, with members defined as FDNs under the member attribute. Currently, if I login to oVirt via the AAA extension. then my groups are not enumerated. The LDAP searches (recorded on the LDAP server)  are:  slapd[1503]: conn=7876 op=2 SRCH base="dc=example,dc=com" scope=2 deref=0 filter="(&(objectClass=posixGroup)(memberUid=jreynolds))"  slapd[1503]: conn=7876 op=2 SRCH attr=entryUUID cn description  slapd[1503]: conn=7871 op=2 SRCH base="dc=example,dc=com" scope=2 deref=0 filter="(&(|(objectClass=groupOfUniqueNames)(objectClass=posixGroup))(uniqueMember:uniqueMemberMatch:=cn=jreynolds,ou=users,dc=example,dc=com))"  slapd[1503]: conn=7871 op=2 SRCH attr=entryUUID cn description This returns no results, as the search needs to search for 'member' attribute, with an FDN. The issue looks to be inherited from the simple.properties file (regardless of if I use rfc2307, rfc2307-openldap profile), with the line: search.simple-resolve-groups-member.search-request.filter = &${seq:simple_filterGroupObject}(${seq:simple_attrGroupMemberDN}=${seq:_simple_dn_encoded}) I can fix the issue by replacing "${seq:simple_attrGroupMemberDN}=" with "member=", but this feels pretty hacky. I cannot find where this variable is defined, nor how to change it. Is the correct way to do this to create a new profile that overwrites the filter value? Or am I doing something wrong? I don't think my LDAP schema is particularly unusual, as far as I'm aware it complies with rfc2307bis spec. Thanks, Jake _______________________________________________ Users mailing list -- users(a)ovirt.org To unsubscribe send an email to users-leave(a)ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/3XOIVHSOLQ2...