diff -up cpu-1.4.3/src/plugins/ldap/ld.c.supp-groups cpu-1.4.3/src/plugins/ldap/ld.c
--- cpu-1.4.3/src/plugins/ldap/ld.c.supp-groups	2010-11-07 19:00:21.000000000 -0700
+++ cpu-1.4.3/src/plugins/ldap/ld.c	2010-11-07 18:56:18.000000000 -0700
@@ -29,6 +29,7 @@
 
 gid_t getlGid (LDAP * ld, char *groupn);
 char *checkSupGroups (LDAP * ld);
+void getSupGroups (LDAP * ld, char *uname);
 void rmUsrFrmOldSupGrp (LDAP * ld, char *uname);
 int checkIsPrimaryGroup (LDAP * ld);
 int groupExists (LDAP * ld, int cgid);
@@ -193,6 +194,7 @@ ldapOperation (ldapop_t optype)
 	      return -1;
 	    }
 	}
+      getSupGroups (ld, globalLdap->passent->pw_name);
       tstr = NULL;
       if ((tstr = checkSupGroups (ld)) != NULL)
 	{
@@ -755,6 +757,65 @@ checkSupGroups (LDAP * ld)
   return NULL;
 }
 
+void
+getSupGroups (LDAP * ld, char *uname)
+{
+  LDAPMessage *res[2];
+  LDAPMessage *pos;
+  int filtsize = 0;
+  struct timeval timeout;
+  char **vals;
+  char *filter = NULL;
+  char *temp;
+  int num_tokens = 0;
+  char *attrs[7] = {
+    "cn",
+    NULL
+  };
+
+  if (globalLdap->memberUid != NULL)
+    return;
+
+  timeout = globalLdap->timeout;
+  res[1] = NULL;
+
+  temp = cfg_get_str ("LDAP", "GROUP_FILTER");
+  if (temp == NULL)
+    temp = strdup ("(objectClass=PosixGroup)");
+  filtsize = strlen (temp) + strlen (uname) + 18;
+  filter = (char *) malloc (sizeof (char) * filtsize);
+  bzero (filter, filtsize);
+
+  snprintf (filter, filtsize, "(&%s (memberUid=%s))", temp, uname);
+  if (ldap_search_st (ld, globalLdap->group_base, LDAP_SCOPE_SUBTREE,
+		      filter, attrs, 0, &timeout, res) != LDAP_SUCCESS)
+    {
+      Free (filter);
+      CPU_ldapPerror (ld, globalLdap, "getSupGroups: ldap_search_st");
+      return;
+    }
+  free (filter);
+  if (ldap_count_entries (ld, res[0]) < 1)
+    return;
+
+  for (pos = ldap_first_entry (ld, res[0]); pos != NULL;
+       pos = ldap_next_entry (ld, pos))
+    {
+      if ((vals = ldap_get_values (ld, pos, "cn")) != NULL)
+	{
+	  if (vals[0] != NULL)
+	    {
+              globalLdap->memberUid = (char **) 
+                  realloc (globalLdap->memberUid,
+                           sizeof(char*)*((num_tokens+1)*4));
+              globalLdap->memberUid[num_tokens] = strdup(vals[0]);
+              num_tokens++;
+	    }
+	}
+    }
+  globalLdap->memberUid[num_tokens] = NULL;
+}
+
 int
 groupExists (LDAP * ld, int cgid)
 {
diff -up cpu-1.4.3/src/plugins/ldap/commandline.c.supp-groups cpu-1.4.3/src/plugins/ldap/commandline.c
--- cpu-1.4.3/src/plugins/ldap/commandline.c.supp-groups	2010-11-07 20:45:35.000000000 -0700
+++ cpu-1.4.3/src/plugins/ldap/commandline.c	2010-11-07 20:45:20.000000000 -0700
@@ -175,15 +175,20 @@
 		  if (isalnum ((int)optarg[0]))
 		      gtemp = strdup (optarg);
 		  if (gtemp == NULL)
-		      return -1;
-		  while (gtemp != NULL && *gtemp)
-		  {
+		    {
 		      globalLdap->memberUid =
 			  (char **) realloc (globalLdap->memberUid,
 					     sizeof(char*)*((num_tokens+1)*4));
-		      globalLdap->memberUid[num_tokens] = getToken(&gtemp,",");
-		      num_tokens++;
-		  }
+		    }
+		  else
+		    while (gtemp != NULL && *gtemp)
+		      {
+		        globalLdap->memberUid =
+			    (char **) realloc (globalLdap->memberUid,
+					       sizeof(char*)*((num_tokens+1)*4));
+		        globalLdap->memberUid[num_tokens] = getToken(&gtemp,",");
+		        num_tokens++;
+		      }
 		  globalLdap->memberUid[num_tokens] = NULL;
 		  break;
 	      }