On 13/03/13 15:11, Arran Cudbard-Bell wrote: > > Phili is correct, but this will only work for something like AD, > where you have memberOf attributes which link a user account to a > group. Good point, got to watch that - my LDAP is getting very AD-centric :o(