Anyone ever successfully configured LDAP with FreeIPA? I can query users, and groups, but not if users are members of any groups.

I've got mine working fine. Let me know and I can show you some queries.


I am having issues querying the members of groups. I am leveraging just the search base, with the object class limitation set to all, for both users and groups. For User Group Membership Mappings I am leveraging Object Class Limitation of All ObjectClass Values for groupOfNames. Would you mind sharing some examples of how you have your mappings set up?


First, what version of the JSS? The User Group Membership Mappings only started working for me as recently as 10.1.1; previous to that there was a PI.



For my mappings:



User Group Membership Mappings:
- User Object
- memberOf
- no append
- Use distinguished is checked
- Use recursive is unchecked



User Group Mappings:
- All ObjectClass Values
- top
- cn=groups,cn=accounts,dc=server,dc=net
- All Subtrees
- gidNumber
- cn
- objectGUID



User Mappings:
- All ObjectClass Values
- blank object class(es)
- cn=users,cn=accounts,dc=server,dc=net
- All Subtrees
- uidNumber
- uid
- displayName
- mail
- etc, etc
- user uuid = uid



This also depends on your IPA setup. Ours is super basic.
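
To check outside the JSS that a user entry actually exposes the `memberOf` DNs these mappings rely on, the Python below parses ldapsearch-style LDIF and lists the groups found under the group search base. It is an added example, not part of the original posts and not Jamf or FreeIPA code; the user `jdoe`, the group names and the function names are constructed for illustration.

```python
import base64

GROUP_BASE = "cn=groups,cn=accounts,dc=server,dc=net"  # group search base from the post

def parse_ldif_entry(text):
    """Parse one LDIF entry into {attr_lower: [values]}, handling folds and base64."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # folded line: drop the single leading space
        elif raw and not raw.startswith("#"):
            lines.append(raw)
    entry = {}
    for line in lines:
        attr, _, rest = line.partition(":")
        if rest.startswith(":"):          # "attr:: <base64>"
            value = base64.b64decode(rest[1:].strip()).decode("utf-8")
        else:
            value = rest.strip()
        entry.setdefault(attr.lower(), []).append(value)
    return entry

def norm_dn(dn):
    """Case-fold and trim each RDN (simplified: escaped commas are not handled)."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def direct_groups(entry, group_base=GROUP_BASE):
    """Return group cn values for memberOf DNs located under the group search base."""
    suffix = "," + norm_dn(group_base)
    names = []
    for dn in entry.get("memberof", []):
        n = norm_dn(dn)
        if n.endswith(suffix):            # ignore non-group memberOf values (e.g. HBAC rules)
            names.append(n.split(",")[0].partition("=")[2])
    return sorted(names)

# Constructed sample shaped like ldapsearch output for one user (all names are made up).
_B64 = base64.b64encode(b"cn=helpdesk," + GROUP_BASE.encode()).decode()
SAMPLE_LDIF = (
    "dn: uid=jdoe,cn=users,cn=accounts,dc=server,dc=net\n"
    "uid: jdoe\n"
    "memberOf: cn=ipausers,cn=groups,cn=accounts,dc=server,dc=net\n"
    "memberOf: CN=jss-admins, cn=groups,cn=accounts,\n"
    " dc=server,dc=net\n"
    "memberOf:: " + _B64 + "\n"
    "memberOf: cn=allow_all,cn=hbac,dc=server,dc=net\n"
)

if __name__ == "__main__":
    print(direct_groups(parse_ldif_entry(SAMPLE_LDIF)))
```

An empty result for a user known to be in a group means the bind account cannot read `memberOf` or the group DNs sit outside the configured search base.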


I am using 10.1.1. I think I may have found my issue. Ours is not set up standard. I appreciate your help; this actually confirmed that I was on the right path.
Thank you


Great. LDAP was a long-standing request in my org and we had the basics set up, but now I can give permission to the JSS web interface based off group membership, which is handy for certain departments.


Krispayne,

Has this continued to work for you through Ventura?