LDAP Group issue with rfc2307bis

Hi oVirt List,

I'm currently working on my new oVirt setup and want to integrate it into our LDAP server. Accounts are working fine, but I have problems getting the groups to work correctly.

The LDAP server is based on ClearOS, which is using the rfc2307bis setup. This means I don't have MemberOf inside my users. The user DN is listed as Member inside the group.

I managed to get oVirt to read the groups by overwriting:

search.rfc2307-resolve-groups-memberUid.search-request.filter = &(objectClass=posixGroup)(memberUid=${seq:_rfc2307_uid_encoded})

with

search.rfc2307-resolve-groups-memberUid.search-request.filter = &(objectClass=posixGroup)(member=${seq:_rfc2307_dn})

This is working absolutely fine for my admin group in the "Administrator Portal". I can assign the group to the system permission "SuperUser" and everything is working great.

My problem is with the "VM Portal". I have assigned "PowerUser" rights to a quota and it is possible to log in, but I receive the following error in the engine.log:

2019-07-18 07:38:12,317+02 ERROR [org.ovirt.engine.core.bll.GetPermissionsForObjectQuery] (default task-5) [a6828f8b-8ded-422f-a216-5e5406d7bf20] Query execution failed due to insufficient permissions.
2019-07-18 07:38:12,319+02 ERROR [org.ovirt.engine.api.restapi.resource.AbstractBackendResource] (default task-5) [] Operation Failed: query execution failed due to insufficient permissions.

I'm able to see the group permission in the user details, so I guess that something is already working. But I guess the error is preventing me from having the "create VM" button on the "VM Portal".

It would be great if someone could help me out. I'm running the latest 4.3.4 version.

Best regards
Christoph
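Added example (not part of the original post and not oVirt code): a Python illustration of the two group lookups described above, the RFC 2307 memberUid match and the rfc2307bis member-by-DN match, run over constructed directory entries. It also shows the RFC 4515 escaping a DN needs before it is placed in a search filter. The entries, the example.com DNs and the function names are assumptions made for the illustration, and the DN comparison is simplified to a lowercase match.

```python
# Added illustration; the directory entries below are constructed sample data.
GROUPS = [
    {"dn": "cn=ovirt-admins,ou=Groups,dc=example,dc=com",
     "objectClass": ["posixGroup", "groupOfNames"],
     "member": ["cn=alice,ou=Users,dc=example,dc=com"]},
    {"dn": "cn=vm-users,ou=Groups,dc=example,dc=com",
     "objectClass": ["posixGroup", "groupOfNames"],
     "member": ["cn=alice,ou=Users,dc=example,dc=com",
                "cn=Smith\\, Bob (ops),ou=Users,dc=example,dc=com"]},
    {"dn": "cn=legacy,ou=Groups,dc=example,dc=com",
     "objectClass": ["posixGroup"],
     "memberUid": ["alice"]},
]


def escape_filter_value(value):
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    out = []
    for ch in value:
        # Backslash, asterisk, parentheses and NUL must be hex-escaped.
        out.append("\\%02x" % ord(ch) if ch in "\\*()\0" else ch)
    return "".join(out)


def group_filter(attr, value):
    """Build the group lookup filter in standard parenthesised form."""
    return "(&(objectClass=posixGroup)(%s=%s))" % (attr, escape_filter_value(value))


def resolve_groups(entries, attr, value):
    """Return DNs of posixGroup entries whose `attr` contains `value`.

    memberUid is compared case-exactly; the DN-valued member attribute is
    compared case-insensitively (a simplification of real DN matching).
    """
    norm = (lambda s: s.lower()) if attr == "member" else (lambda s: s)
    wanted = norm(value)
    return [e["dn"] for e in entries
            if "posixGroup" in e["objectClass"]
            and wanted in (norm(v) for v in e.get(attr, []))]
```

On an rfc2307bis directory the memberUid lookup finds only groups that still carry memberUid values, while the member lookup keyed on the user's DN returns the groups the post is concerned with.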