I am working on removing the 'legacy' option. The idea is to always save data in our cache using the member/memberof schema and let backends manage how to process incoming data without forcing all internal code to conform to differences imposed by backends.

I have pushed 7 patches to my personal tree. Here: http://fedorapeople.org/gitweb?p=simo/public_git/sssd.git;a=summary

So far it works with my limited testing against the native ldap driver. Once I have at least briefly tested other backends I'll propose these patches for inclusion.

Note that this patch set may also fix some existing bugs in the group enumeration code.

Simo.