Thanks for the answer Michael!!!

My slapd.conf in attach.

I followed precisely the tip that you gave me at the link below:

http://www.openldap.org/doc/admin24/overlays.html#Reverse%20Group%20Membership%20Maintenance

When I run: ldapsearch -LL -Y EXTERNAL -H ldapi:/// "(uid=test1)" -b dc=my,dc=company,dc=br memberOf

only shows me: dn: uid=test1,ou=People,dc=my,dc=company,dc=br

Not show the memberOf: cn=testgroup,ou=Group,dc=my,dc=company,dc=br

I may have forgotten something?

On Sun, Sep 18, 2016 at 7:26 AM, Michael Ströder <michael@stroeder.com> wrote:

Elias Pereira wrote:
> For a new group that I create, memberof is set automatically, ok?

slapo-memberof intercepts write operations to group entries and updates member
entries at that time.

Note that the member entry must exist of course for this to succeed.

Also note that you have to run slapo-memberof on all replicas because attribute
'memberOf' is *not* replicated.

> But the groups that I already have on my base. How would I do to "enable"
> the memberof option?

Modify the group entry.

> Ldap accou manager maybe do that?

Client tools should not muck with attribute 'memberOf' (unless your 200% sure
what you're doing).

Ciao, Michael.

Elias Pereira