Rene_C_
May 05, 2014

APM LDAP Query with user-dn

Hi,

I got a very strange case that I'm trying to resolve.

My setup is as follows:

APM Policy with LDAP Query for some user attributes (this one works correctly):
- Base: ou=Identities,o=MyCompany
- Filter: (usershortname=%{session.logon.last.username})

Additional LDAP Query after the first one to check if a certain field in the groups the user is member of matches a given string. Actually, what I want here is to retrieve all groups the user is a member of and get a specific attribute of these groups:
- Base: ou=Systems,o=MyCompany
- Filter: (&(objectClass=groupOfNames)(member=%{session.ldap.last.attr.dn}))

The second LDAP Query does fail all the time, and I simply don't know why. From the apm-log I see that the query-filter is filled correctly:

: 3e0406ea: LDAP agent: Query: query failed, dn: ou=Systems,o= MyCompany, filter: (&(objectClass=groupOfNames)(member=cn=myusercn,ou=People,ou=Identities,o=MyCompany))

And later it tells me:

3e0406ea: Session variable 'session.ldap./Common/myvhost_act_ldap_query_1_ag.errmsg' set to 'No such object, no matching users found'

Even if I paste the filter into my ldap-client, it resolves correctly and returns the desired result.

So, anyone got a hint for me here? Could it be that some internal encoding takes place which somehow scrambles the dn i insert for the member-filter?

Thanks in advance, Rene
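
An added example, not part of the original post and not F5 code: one way to check the encoding question is to build the expected filter with RFC 4515 value escaping and compare it, together with the base DN, byte for byte against what the log line reports. The function names are hypothetical, the log line is copied as it appears in the post, and the last DN is constructed.

```python
import re

# RFC 4515: these characters must be escaped inside a filter assertion value.
_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}

def escape_filter_value(value):
    """Escape a string (here: a DN) for use as an LDAP filter value."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def member_filter(user_dn):
    """Build the group-membership filter from the post for a given user DN."""
    return "(&(objectClass=groupOfNames)(member=%s))" % escape_filter_value(user_dn)

def parse_query_log(line):
    """Return (base_dn, filter) from an 'LDAP agent: Query' log line, or None."""
    m = re.search(r"LDAP agent: Query: .*?, dn: (.+?), filter: (.+)$", line.rstrip())
    return (m.group(1), m.group(2)) if m else None

def check_query(line, configured_base, user_dn):
    """Compare logged base DN and filter with the expected ones, byte for byte."""
    parsed = parse_query_log(line)
    if parsed is None:
        raise ValueError("not an LDAP query log line")
    base, flt = parsed
    return {
        "base_matches": base == configured_base,
        "filter_matches": flt == member_filter(user_dn),
        "logged_base": repr(base),    # repr() makes stray whitespace visible
        "logged_filter": repr(flt),
    }

# Log line as quoted in the post.
LOG_LINE = (": 3e0406ea: LDAP agent: Query: query failed, dn: ou=Systems,o= MyCompany, "
            "filter: (&(objectClass=groupOfNames)"
            "(member=cn=myusercn,ou=People,ou=Identities,o=MyCompany))")

if __name__ == "__main__":
    result = check_query(LOG_LINE, "ou=Systems,o=MyCompany",
                         "cn=myusercn,ou=People,ou=Identities,o=MyCompany")
    for key, value in result.items():
        print(key, value)
    # Constructed DN containing characters that RFC 4515 escaping rewrites.
    print(member_filter("cn=Doe (ext)*,ou=People,o=Example"))
```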