The problem is that this doesn't work if the user values are in a nested group, it only works if the users are in my main group (xv64ut09). I would guess that linux / sssd can support this type of nesting. Is there a change that needs to be done from the ldap server side, in the schema, or maybe something else that I have missed? I am using the rfc2307bis...
I'm not clear what you mean by nested group? Do you mean another group that's a child entry of the parent? If so, then no, your filter wouldn't work for that. It is clearly only looking at users that specifically are members of the xv64ut09 group.
--Quanah -- Quanah Gibson-Mount Platform Architect Zimbra, Inc. -------------------- Zimbra :: the leader in open source messaging and collaboration A division of Synacor, Inc