alexoz66@gmail.com wrote:

Full_Name: John Alex. Version: 2.4.40 OS: FreeBSD 9.3 URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (176.58.252.240)

I have a consumer configured with slapo-memberof and exattrs=memberof in order to keep track of group memberships locally as suggested in the manpages. This works ok when adding/deleting users to groups, but when a user entry containing "memberOf" values is modified, those values are deleted in the consumer. According to ITS#7400, exattrs=memberOf is necessary to avoid getting this attribute from the provider.

I see nothing in ITS#7400 that even mentions exattrs. In fact there's nothing conclusive in ITS#7400 at all, it only says the issue should be taken up on the -devel mailing list and needs new design work.

However, it was suggested to me to remove "memberOf" from exattrs, which I did and now everything seems to work fine.

In any case, even if exattrs=memberof is not needed anymore, it should not have any effect to the local slapo-memberof operations.

Sorry, that doesn't follow. Adding settings will invariably change some server behavior. Adding a setting that you didn't need generally turns a working config into a broken config.

See also: http://www.openldap.org/lists/openldap-technical/201505/msg00124.html