Hi,
I searched the lists and the Internet, but only a small portion of people seem to have the same problem. So I don't know, what's maybe wrong with my setup. One hint I found at: http://serverfault.com/questions/73213/how-do-i-configure-reverse-group-memb...
I try to use the memberOf overlay in an openldap 2.4.11 (debian lenny) installation. This works so far. But if I'm going to modify a member attribute (add, delete, and modify) this change does not update the memberOf attributes returned. So in case of a deletion, the corresponding attribute memberOf still exists.
Example: dn: cn=example,ou=management,ou=groups,dc=domain changetype: modify delete: member member: cn=my.name,o=uwue,ou=identities,dc=domain
ldapsearch still returns:
# ldapsearch -x -LLL -H ldaps://server:636 -b ou=identities,dc=domain -W -D cn=admin,dc=domain cn=my.name memberOf Enter LDAP Password: dn: cn=my.name,... memberOf: cn=xxx,ou=groups,dc=german-lab,dc=de memberOf: cn=xxy,ou=groups,dc=german-lab,dc=de memberOf: cn=example,ou=management,ou=groups,dc=german-lab,dc=de
=> Does not work
I don't see "cn=example,ou=management,ou=groups,dc=domain" among memberOf's of "cn=my.name..." (assuming "..." stands for ",o=uwue,ou=identities,dc=domain", of course). I've tested the current implementation of slapo-memberof (test52 of the test suite) and I don't see any strange behavior.
You should provide a little bit more info, including your configuration and a clear set of LDIFs that allow to exactly create your database prior to modification, and a modification that results in an incorrect behavior.
Also, I note that 2.4.11 is relatively old. If you compare just the memberof.c file between 2.4.11 and 2.4.19 you'll note hundreds of lines of changes.
p.