diff --git a/src/rm/RequestManagerChown.cc b/src/rm/RequestManagerChown.cc
index 5792293023..62cbec8f9a 100644
--- a/src/rm/RequestManagerChown.cc
+++ b/src/rm/RequestManagerChown.cc
@@ -354,6 +354,7 @@ void UserChown::request_execute(xmlrpc_c::paramList const& paramList,
 string ngname;
 string uname;
+ string auth_driver;
 User * user;
 Group * group;
@@ -361,6 +362,10 @@ void UserChown::request_execute(xmlrpc_c::paramList const& paramList,
 PoolObjectAuth uperms;
 PoolObjectAuth ngperms;
+ const VectorAttribute* auth_conf;
+ bool driver_managed_groups;
+ bool new_group;
+
 if ( ngid < 0 )
 {
 att.resp_msg = "Wrong group ID";
@@ -368,10 +373,36 @@ void UserChown::request_execute(xmlrpc_c::paramList const& paramList,
 return;
 }
- rc = get_info(upool, oid, PoolObjectSQL::USER, att, uperms, uname, true);
-
- if ( rc == -1 )
+ if ((user = upool->get(oid,true)) == 0 )
 {
+ att.resp_obj = PoolObjectSQL::USER;
+ att.resp_id = oid;
+ failure_response(NO_EXISTS, att);
+
+ return;
+ }
+
+ user->get_permissions(uperms);
+
+ uname = user->get_name();
+
+ auth_driver = user->get_auth_driver();
+ new_group = user->get_groups().count(ngid) != 1;
+
+ user->unlock();
+
+ driver_managed_groups = false;
+
+ if (Nebula::instance().get_auth_conf_attribute(auth_driver, auth_conf) == 0)
+ {
+ auth_conf->vector_value("DRIVER_MANAGED_GROUPS", driver_managed_groups);
+ }
+
+ if (driver_managed_groups && new_group)
+ {
+ att.resp_msg =
+ "Groups cannot be manually managed for auth driver "+auth_driver;
+ failure_response(ACTION, att);
 return;
 }
diff --git a/src/rm/RequestManagerUser.cc b/src/rm/RequestManagerUser.cc
index 525a8a4392..dfdc7cbb17 100644
--- a/src/rm/RequestManagerUser.cc
+++ b/src/rm/RequestManagerUser.cc
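Review bot: The denial message in the last added block of UserChown::request_execute concatenates `auth_driver` into `att.resp_msg`, and that block runs straight after the user is fetched, with no authorization step visible before it in this hunk. If the permission check on the target user only happens later in the function (its body continues outside the hunk), any caller able to invoke the method can learn which auth driver another user is configured with. The same lines are added in the UserEditGroup hunk of RequestManagerUser.cc. Either run this check after the caller has been authorized for the user, or keep the driver name out of the response, for example `att.resp_msg = "Groups cannot be manually managed for this user's auth driver";`.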
@@ -210,14 +210,45 @@ void UserEditGroup::
 string gname;
 string uname;
+ string auth_driver;
 PoolObjectAuth uperms;
 PoolObjectAuth gperms;
- rc = get_info(upool, user_id, PoolObjectSQL::USER, att, uperms, uname,true);
+ const VectorAttribute* auth_conf;
+ bool driver_managed_groups;
- if ( rc == -1 )
+ User* user;
+
+ if ((user = upool->get(user_id,true)) == 0 )
 {
+ att.resp_obj = PoolObjectSQL::USER;
+ att.resp_id = user_id;
+ failure_response(NO_EXISTS, att);
+
+ return;
+ }
+
+ user->get_permissions(uperms);
+
+ uname = user->get_name();
+
+ auth_driver = user->get_auth_driver();
+
+ user->unlock();
+
+ driver_managed_groups = false;
+
+ if (Nebula::instance().get_auth_conf_attribute(auth_driver, auth_conf) == 0)
+ {
+ auth_conf->vector_value("DRIVER_MANAGED_GROUPS", driver_managed_groups);
+ }
+
+ if (driver_managed_groups)
+ {
+ att.resp_msg =
+ "Groups cannot be manually managed for auth driver "+auth_driver;
+ failure_response(ACTION, att);
 return;
 }
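Review bot: The result of `auth_conf->vector_value("DRIVER_MANAGED_GROUPS", driver_managed_groups)` is discarded, and a failed `get_auth_conf_attribute` lookup is also skipped silently, so the restriction fails open. A missing or mistyped value appears to leave `driver_managed_groups` at `false` and manual group edits allowed with no trace; how `vector_value` treats an unparsable value is not visible here, so that should be confirmed. A log line on either failure path would let an operator notice a misconfigured driver entry. Because this lookup is a copy of the block added to UserChown::request_execute, a small shared helper that takes the driver name and returns the flag would keep the policy and its failure handling in one place. This method's body starts and ends outside the hunk.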