In the old openldap-servers-2.2.13-4 from which I copied this data: /etc/openldap/schema/nis.schema objectclass ( 1.3.6.1.1.1.2.2 NAME 'posixGroup' SUP top STRUCTURAL DESC 'Abstraction of a group of accounts' MUST ( cn $ gidNumber ) MAY ( userPassword $ memberUid $ description ) ) attributetype ( 1.3.6.1.1.1.1.12 NAME 'memberUid' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) In /etc/openldap/schema/core.schema I do see: attributetype ( 2.5.4.31 NAME 'member' DESC 'RFC2256: member of a group' SUP distinguishedName ) As well as: objectclass ( 2.5.6.9 NAME 'groupOfNames' DESC 'RFC2256: a group of names (DNs)' SUP top STRUCTURAL MUST ( member $ cn ) MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) ) Am I rfc2307 or rfc2307bis? According to sssd-ldap man page: ldap_group_member (string) The LDAP attribute that contains the names of the group´s members. Default: memberuid (rfc2307) / member (rfc2307bis) I am currently using memberuid obviously so my clients can talk to the old server. Thanks so much for your needed assistance! Thanks, Douglas Duckworth, MSc, LFCS HPC System Administrator Scientific Computing Unit Physiology and Biophysics Weill Cornell Medicine E: doug(a)med.cornell.edu O: 212-746-6305 F: 212-746-8690 On Fri, Jul 21, 2017 at 12:23 PM, Quanah Gibson-Mount <quanah(a)symas.com&gt; wrote: