diff --git a/unix_integration/common/src/unix_proto.rs b/unix_integration/common/src/unix_proto.rs
index 69f88c100..5d1afb06c 100644
--- a/unix_integration/common/src/unix_proto.rs
+++ b/unix_integration/common/src/unix_proto.rs
@@ -121,6 +121,7 @@ pub enum ClientRequest {
 NssGroups,
 NssGroupByGid(u32),
 NssGroupByName(String),
+ NssGroupsByMember(String),
 PamAuthenticateInit {
 account_id: String,
 info: PamServiceInfo,
@@ -144,6 +145,7 @@ impl ClientRequest {
 ClientRequest::NssGroups => "NssGroups".to_string(),
 ClientRequest::NssGroupByGid(id) => format!("NssGroupByGid({})", id),
 ClientRequest::NssGroupByName(id) => format!("NssGroupByName({})", id),
+ ClientRequest::NssGroupsByMember(id) => format!("NssGroupsByMember({})", id),
 ClientRequest::PamAuthenticateInit { account_id, info } => format!(
 "PamAuthenticateInit{{ account_id={} tty={} pam_secvice{} rhost={} }}",
 account_id,
diff --git a/unix_integration/resolver/src/bin/kanidm_unixd.rs b/unix_integration/resolver/src/bin/kanidm_unixd.rs
index 414554488..490ec34de 100644
--- a/unix_integration/resolver/src/bin/kanidm_unixd.rs
+++ b/unix_integration/resolver/src/bin/kanidm_unixd.rs
@@ -275,6 +275,14 @@ async fn handle_client(
 error!("unable to load group, returning empty.");
 ClientResponse::NssGroup(None)
 }),
+ ClientRequest::NssGroupsByMember(account_id) => cachelayer
+ .get_nssgroups_member_name(account_id.as_str())
+ .await
+ .map(ClientResponse::NssGroups)
+ .unwrap_or_else(|_| {
+ error!("unable to enum groups");
+ ClientResponse::NssGroups(Vec::new())
+ }),
 ClientRequest::PamAuthenticateInit { account_id, info } => {
 match &pam_auth_session_state {
 Some(_auth_session) => {
diff --git a/unix_integration/resolver/src/resolver.rs b/unix_integration/resolver/src/resolver.rs
index d892086d8..ecb3167fe 100644
--- a/unix_integration/resolver/src/resolver.rs
+++ b/unix_integration/resolver/src/resolver.rs
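Review bot: In the new `ClientRequest::NssGroupsByMember` arm of handle_client (kanidm_unixd.rs), a resolver failure is answered with `ClientResponse::NssGroups(Vec::new())`, which the NSS caller cannot tell apart from an account that really has no groups. An empty answer is the conservative outcome for group-based allow rules, but a group-based deny rule on the host would presumably stop matching while the resolver is failing, so this event should be easy to find and alert on in the logs. `error!("unable to enum groups")` names neither the request nor the account; `error!("unable to resolve groups for member {:?}, returning empty.", account_id);` would follow the wording of the arm above and escape the client-supplied name. handle_client starts and ends outside the hunk.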
@@ -736,6 +736,24 @@ impl Resolver {
 Ok(r)
 }
+ pub async fn get_nssgroups_member(&self, account_id: Id) -> Result, ()> {
+ let account = self.get_nssaccount(account_id).await?;
+ if let Some(account) = account {
+ Ok(self.get_nssgroups().await.
+ unwrap_or_else(|_| Vec::new())
+ .into_iter()
+ .filter(|g| g.members.contains(&account.name))
+ .collect())
+ } else {
+ Ok(Vec::new())
+ }
+ }
+
+ #[instrument(level = "debug", skip(self))]
+ pub async fn get_nssgroups_member_name(&self, account_id: &str) -> Result, ()> {
+ self.get_nssgroups_member(Id::Name(account_id.to_string())).await
+ }
+
 async fn get_nssgroup(&self, grp_id: Id) -> Result, ()> {
 if let Some(mut nss_group) = self.system_provider.get_nssgroup(&grp_id).await {
 debug!("system provider satisfied request");
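Review bot: `get_nssgroups_member` turns a failure of `get_nssgroups()` into `Ok` with an empty list through `unwrap_or_else(|_| Vec::new())`, although the account lookup one line above propagates its error with `?`. A provider or cache error is then reported as "this account belongs to no groups", and the `error!` fallback in handle_client's new arm never runs for it. Assuming `get_nssgroups()` also uses `()` as its error type, propagating is a small change: `Ok(self.get_nssgroups().await?` followed by the existing `.into_iter()` chain, which also removes the dangling `.await.` line break. It is also worth confirming that `g.members` holds the same name form as `account.name`, since the filter is an exact string match. Both new functions are complete inside the hunk; the surrounding `impl Resolver` is not.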