Sorry, I should have added that ldapsearch from the commandline works fine. I've set up a test static group and a dynamic group, and either will return the appropriate members. Looking at the openldap.log I can see when using the groupbasefilter cn=dynamic group, it's screwing up the search filter. (Still has the correct base, etc. but is doing filter="(&(cn=staticgroup)(cn=dynamicgroup))" even though I ONLY have the dynamicgroup as the filter in splunk. I can attach more results from ldapsearch, auth.conf, etc. but I'm sensing this just doesn't work.
... View more