norbert(a)pueschel.net wrote: Your code does a string compare againset "memberOf" to detect those filter references. 1) it should simply be comparing the AttributeDescription pointers 2) since the "memberof" attribute is actually configurable in the memberof overlay, there's no guarantee that this is the correct attribute to be looking for. It should also be configurable in your patch. You're using strcasecmp, but your inputs are already normalized values. You should just use ber_bvcmp. Replying to the original: I don't see why this should ever work or be supported. LDAP groups list DNs. I don't see any reason why this should work. The memberof overlay is not used to construct groups, it is only used to report on group memberships that have already been defined. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/