on http://serverfault.com/questions/73213/how-do-i-configure-reverse-group-memb...
one can see how the issue hit us. We have a Suse 11.2 machine where the standard openldap configuration is slapd.conf based. On another ubuntu 10.04 machine it's cn=config based.
The memberOf function simply didn't work and there were not proper error messages and googling the issue was a pain in the ****
When we finally found out that we need an overlay no rpm was available. So we went and tried everything on the ubuntu machine.
But then there was this change of how everything is configured. Basically we could start googling all over again. Many hours and problems later we got the memberOf function working. What we know now is that OpenLdap has joined the list of projects that have abandondend simple configuration with a more complicated one. We've seen this with grub2, gnome and other projects. In all cases in our opinion this is not helping the majority of people using these projects. Many years of Documentation on the internet is invalidated and worse there are now two ways to do things that are incompatible and if you try to go back (as we did on ubuntu trying to get a slapd.conf based version running) it does not get any easier.
Please use the contact form on BITPlan's webpage if you'd like to get our configuration script for memberOf - we won't publish it at this time since it contains user data.