Full_Name: Clement OUDOT Version: 2.4.47 OS: GNU/Linux URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (81.250.130.213)

We use a very standard configuration with memberof overlay.

The issue is very easy to reproduce : * Create a group with a user in an OpenLDAP server using memberof overlay * The user should now have the group DN in memberOf attribute * Rename the group to change its case, for example uppercase the first letter * The group has be renamed but was removed form user memberOf attribute

The OpenLDAP log is the following: 5c9ba447 conn=1000 op=23 MODRDN dn="cn=memberoftest,ou=groups,dc=example,dc=com" 5c9ba447 conn=1000 op=23: memberof_value_modify DN="uid=coudot,ou=users,dc=example,dc=com" add memberOf="cn=memberofTEST,ou=groups,dc=example,dc=com" failed err=20

Seems it is because memberof try to add the new value before deleting the old one. As the values are the same when ignoring the case, the modification is rejected.

I would say that doing the LDAP_SLIST_REMOVE before the LDAP_SLIST_INSERT_HEAD in memberof.c should be enough but I don't know if this is safe.