narrowing it down a bit, it looks like the aix group schema is very close to rfc2307bis
with one exception that the member id is stored only as a partial dn:
[sdap_find_entry_by_origDN] (0x4000): Searching cache for [username=some_user_name1].
[sdap_fill_memberships] (0x0080): Member [username=some_user_name1] was not found in
cache. Is it out of scope?
so may be this can be fixed with a small change to append the ldap_user_search_base to the
member id in the sdap_find_entry_by_origDN function?
am i on the right track here?