Having successfully upgraded my LDAP install to 2.4.22 on Red Hat 5.3, I've been looking at the use of the 'slapo-memberof' schema as provided by the openldap2.4-server package.
The man page for slapo-memberof2.4 indicates I can use the 'memberof-dn' directive.
So, I've updated my slapd.conf file to allow the 'moduleload memberof.la' to be used and restarted the ldap2.4 services. On the client I have configured my ldap.conf without the memberof directive and it works fine, but when I use memberof I can no longer log in.
Works fine:
    nss_base_passwd ou=people,dc=ldn,dc=sw,dc=com
Fails to log me in:
    nss_base_passwd ou=people,dc=ldn,dc=sw,dc=com?sub?memberof-dn=cn=access,ou=auth,dc=ldn,dc=sw,dc=com
I can see the people and auth OUs from the client using ldapsearch.
Questions:
What is the correct syntax for using the memberof-dn directive?
If the client does NOT have the openldap2.4-server package installed, does it pass the 'memberof-dn' directive to my LDAP server to be parsed?