I am building a new LDAP v 2.4 cluster.   We do not allow anonymous binds and set "sizelimit 1" for all users except our service account used for binding.  

However, for group members, I am still hitting the "sizelimit 1" when trying:

limits group/posixGroup/memberUid="cn=admins,dc=blah" size=unlimited time=unlimited

Our group entry in LDAP:

From reading the slapd.conf man page, it seems we're not using the default objectclass "groupOfNames," or attribute "member," however when I use the defaults, or the above which exist in our directory, I still hit "sizelimit 1."  Of course using dn.exact for our individual accounts works, though I don't want to touch slapd.conf every time we hire someone.

Do you have any insight into what could be causing this behavior?  I have not found the answer yet through extensive searching of the internets.