How to get posixGroups from LDAP working again?

I can't tell if this is just broken in ML, or if I'm just missing it.

I have an LDAP server running OpenLDAP and RFC2307. I have a couple groups defined with standard syntax, that is:

dn: cn=netadmin,ou=Group,dc=example,dc=net cn: netadmin description: Network Administrators gidnumber: 20002 memberuid: pjfasano memberuid: fasano objectclass: posixGroup objectclass: top

I used to be able to use the dseditgroup command to add this group to the local "admin group, thereby giving all of the users in "netadmin" the right to sudo, install updates, etc. I seem to be able to use the same command, and add it to the local group, but users can't do anything administrative.

Here's where it gets funky -- here's the output from dseditgroup netadmin:

pjfasano@iMac:~$ dseditgroup -o read netadmin dsAttrTypeStandard:RecordName - netadmin dsAttrTypeStandard:AppleMetaNodeLocation - /LDAPv3/server.example.net dsAttrTypeStandard:AppleMetaRecordName - cn=netadmin,ou=Group,dc=example,dc=net dsAttrTypeStandard:PrimaryGroupID - 20002 dsAttrTypeStandard:RecordType - dsRecTypeStandard:Groups dsAttrTypeStandard:Member - pjfasano fasano dsAttrTypeStandard:GroupMembership - pjfasano fasano

It all looks okay. But when I run dseditgroup -o checkmember:

pjfasano@iMac:~$ dseditgroup -v -o checkmember netadmin dseditgroup verbose mode Options selected by user: Checking membership selected Username determined to be Groupname provided as no pjfasano is NOT a member of netadmin

it says I'm not a member! Even though it just listed me as a member. Any ideas?

Message was edited by: pjfasano (formatting changes)