Full_Name: Quanah Gibson-Mount Version: 2.4.45 OS: Linux URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (47.208.148.239) Per the slapo-memberof man page, you can define a different attribute than "memberOf" to hold the group membership information for an entry. However, this fails due to the fact that when a different attribute is used, slapd applies objectClass rule requirements to the entry. slapd does *not* do this when the default value of "memberOf" is used.

Example config: overlay memberof memberof-group-oc groupofuniquenames memberof-member-ad uniquemember memberof-memberof-ad ismemberof Example schema: attributetype ( 2.15.930.3.234225.3.1 NAME 'isMemberOf' DESC 'Sun defined attribute type' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'Sun Directory Server' ) Create a group: dn: cn=mygroup,dc=example,dc=com objectClass: top objectClass: groupOfUniqueNames cn: mygroup uniqueMember: cn=La Valko,ou=Peons,dc=example,dc=com Group creates OK, but: slapd[5149]: Entry (cn=La Valko,ou=Peons,dc=example,dc=com), attribute 'isMemberOf' not allowed slapd[5149]: entry failed schema check: attribute 'isMemberOf' not allowed slapd[5149]: conn=1000 op=19: memberof_value_modify DN="cn=la valko,ou=peons,dc=example,dc=com" add isMemberOf="cn=mygroup,dc=example,dc=com" failed err=65