I just tested my configuration & db with version 2.4.24, and I am seeing the exacat same problem.
 
 
-Yuri

On Mon, Mar 14, 2011 at 2:43 AM, Howard Chu <hyc@symas.com> wrote:
Dieter Kluenter wrote:
Am Sun, 13 Mar 2011 17:39:17 -0700
schrieb Yuri Bank<yuribank@gmail.com>:

After doing more testing I have noticed that it is the 'Group member
modify entryCSNs' that seem to get ignored by the Provider, but
picked up by the Consumers. All other changes, adding or removing
users seems to update the ContextCSN on the Provider correctly.

So a work around would be to make some kind of random change to an
entry in my DIT ( after making changes to group membership), so that
the Provider has the correct ContextCSN. A simple change like
modifying the description field for a user would accomplish this. I
would like to get to the bottom of this though, without such a work
around.

Could this have anything to do with the memberOf overlay, which I am
using?

It is more likely that the contextCSN of accesslog db is older than
the last contextCSN provided by the provider.

It's too unclear to make such an assumption.

Best bet still is to switch to 2.4.24 and see if the problem remains.

And yes, it's most likely related to the memberOf overlay.

--
 -- Howard Chu
 CTO, Symas Corp.           http://www.symas.com
 Director, Highland Sun     http://highlandsun.com/hyc/
 Chief Architect, OpenLDAP  http://www.openldap.org/project/