diff --git a/net/nss_ldap/files/bsdnss.c b/net/nss_ldap/files/bsdnss.c
index 8b16014..a264d38 100644
--- a/net/nss_ldap/files/bsdnss.c
+++ b/net/nss_ldap/files/bsdnss.c
@@ -1,7 +1,8 @@
-#include <errno.h>
-#include <stdlib.h>
 #include <sys/param.h>
 #include <netinet/in.h>
+
+#include <errno.h>
+#include <stdlib.h>
 #include <pwd.h>
 #include <grp.h>
 #include <nss.h>
@@ -39,6 +40,14 @@ extern enum nss_status _nss_ldap_gethostbyaddr_r (struct in_addr * addr, int len
 			   struct hostent * result, char *buffer,
 			   size_t buflen, int *errnop, int *h_errnop);
 
+struct __netgrent;
+extern enum nss_status _nss_ldap_netgrp_load_result(struct __netgrent *result,
+			   char **hostp, char **userp, char **domp);
+extern enum nss_status _nss_ldap_getnetgrent_r(struct __netgrent *result, char *buffer,
+			   size_t buflen, int *errnop);
+extern enum nss_status _nss_ldap_setnetgrent(char *group, struct __netgrent *result);
+extern enum nss_status _nss_ldap_endnetgrent(struct __netgrent *result);
+
 NSS_METHOD_PROTOTYPE(__nss_compat_getgrnam_r);
 NSS_METHOD_PROTOTYPE(__nss_compat_getgrgid_r);
 NSS_METHOD_PROTOTYPE(__nss_compat_getgrent_r);
@@ -56,6 +65,10 @@ NSS_METHOD_PROTOTYPE(__nss_compat_gethostbyname);
 NSS_METHOD_PROTOTYPE(__nss_compat_gethostbyname2);
 NSS_METHOD_PROTOTYPE(__nss_compat_gethostbyaddr);
 
+static NSS_METHOD_PROTOTYPE(__nss_compat_getnetgrent_r);
+static NSS_METHOD_PROTOTYPE(__nss_compat_setnetgrent);
+static NSS_METHOD_PROTOTYPE(__nss_compat_endnetgrent);
+
 static ns_mtab methods[] = {
 { NSDB_GROUP, "getgrnam_r", __nss_compat_getgrnam_r, _nss_ldap_getgrnam_r },
 { NSDB_GROUP, "getgrgid_r", __nss_compat_getgrgid_r, _nss_ldap_getgrgid_r },
@@ -74,6 +87,10 @@ static ns_mtab methods[] = {
 { NSDB_HOSTS, "gethostbyaddr", __nss_compat_gethostbyaddr, _nss_ldap_gethostbyaddr_r },
 { NSDB_HOSTS, "gethostbyname2", __nss_compat_gethostbyname2, _nss_ldap_gethostbyname2_r },
 
+{ NSDB_NETGROUP, "getnetgrent_r", __nss_compat_getnetgrent_r, _nss_ldap_getnetgrent_r },
+{ NSDB_NETGROUP, "setnetgrent", __nss_compat_setnetgrent, _nss_ldap_setnetgrent },
+{ NSDB_NETGROUP, "endnetgrent", __nss_compat_endnetgrent, _nss_ldap_endnetgrent },
+
 { NSDB_GROUP_COMPAT, "getgrnam_r", __nss_compat_getgrnam_r, _nss_ldap_getgrnam_r },
 { NSDB_GROUP_COMPAT, "getgrgid_r", __nss_compat_getgrgid_r, _nss_ldap_getgrgid_r },
 { NSDB_GROUP_COMPAT, "getgrent_r", __nss_compat_getgrent_r, _nss_ldap_getgrent_r },
@@ -217,3 +234,67 @@ static int __freebsd_getgroupmembership(void *retval, void *mdata, va_list ap)
 
 	return __nss_compat_result(s, err);
 }
+
+static void *_netgr_result;
+
+static int
+__nss_compat_getnetgrent_r(void *retval, void *mdata, va_list ap)
+{
+	char **hostp, **userp, **domp;
+	char *buffer;
+	size_t bufsize;
+	enum nss_status rv;
+	int *errorp;
+	int ret;
+
+	hostp = va_arg(ap, char **);
+	userp = va_arg(ap, char **);
+	domp = va_arg(ap, char **);
+	buffer = va_arg(ap, char *);
+	bufsize = va_arg(ap, size_t);
+	errorp = va_arg(ap, int *);
+
+	do {
+		*errorp = 0;
+		rv = _nss_ldap_getnetgrent_r(_netgr_result, buffer, bufsize,
+		    errorp);
+		ret = __nss_compat_result(rv, *errorp);
+		if (ret != NS_SUCCESS)
+			return (ret);
+		rv = _nss_ldap_netgrp_load_result(_netgr_result, hostp, userp,
+		    domp);
+		ret = __nss_compat_result(rv, 0);
+	} while (ret == NS_TRYAGAIN);
+
+	return (NS_SUCCESS);
+}
+
+extern size_t _nss_ldap_netgrent_sz;
+
+static int
+__nss_compat_setnetgrent(void *retval, void *mdata, va_list ap)
+{
+	const char *netgroup;
+	int ret;
+
+	netgroup = va_arg(ap, const char *);
+
+	if (_netgr_result != NULL)
+		free(_netgr_result);
+	_netgr_result = calloc(1, _nss_ldap_netgrent_sz);
+	if (_netgr_result == NULL)
+		return (NS_TRYAGAIN);
+
+	return (_nss_ldap_setnetgrent(netgroup, _netgr_result));
+}
+
+static int
+__nss_compat_endnetgrent(void *retval, void *mdata, va_list ap)
+{
+	int ret;
+
+	ret = _nss_ldap_endnetgrent(_netgr_result);
+	free(_netgr_result);
+	_netgr_result = NULL;
+	return (ret);
+}
diff --git a/net/nss_ldap/files/patch-ldap-netgrp.c b/net/nss_ldap/files/patch-ldap-netgrp.c
new file mode 100644
index 0000000..b67dec8
--- /dev/null
+++ b/net/nss_ldap/files/patch-ldap-netgrp.c
@@ -0,0 +1,31 @@
+--- ldap-netgrp.c.orig	2016-06-05 21:43:56 UTC
++++ ldap-netgrp.c
+@@ -161,6 +161,8 @@ struct __netgrent
+   struct name_list *needed_groups;
+ };
+ 
++size_t _nss_ldap_netgrent_sz = sizeof(struct __netgrent);
++
+ static char *
+ strip_whitespace (char *str)
+ {
+@@ -384,6 +386,19 @@ _nss_ldap_getnetgrent_r (struct __netgre
+ {
+   return _nss_ldap_parse_netgr (result, buffer, buflen);
+ }
++
++enum nss_status
++_nss_ldap_netgrp_load_result (struct __netgrent *result,
++			      char **hostp, char **userp, char **domp)
++{
++
++  if (result->type == group_val)
++    return NSS_TRYAGAIN;
++  *hostp = result->val.triple.host;
++  *userp = result->val.triple.user;
++  *domp = result->val.triple.domain;
++  return NSS_SUCCESS;
++}
+ #endif /* HAVE_NSS_H */
+ 
+ #if defined(HAVE_NSSWITCH_H) || defined(HAVE_IRS_H)