Ah!!
I got it to work!

So what I did:

Ok, so I rebuilt but without the msuser.ldif schema. (My reasoning was because the memberof attribute was there... but thought it was interesting that the overlay for dynlist included memberof...) https://www.openldap.org/software/man.cgi?query=slapo-dynlist&apropos=0&sektion=0&manpath=OpenLDAP+2.5-Release&arch=default&format=html

Added the dyngroup.ldif schema instead.
Added the dynlist module:

dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
olcModulePath: /opt/symas/lib/openldap/
olcModuleLoad: dynlist.la

Added the dynlist overlay:

dn: olcOverlay=dynlist,olcDatabase={1}mdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcDynListConfig
olcOverlay: dynlist
olcDynListAttrSet: groupOfURLs memberURL member+memberOf@groupOfNames

Now I can do a simple ldapsearch:

ldapsearch -xLLL uid=davetest memberof
dn: uid=davetest,ou=People,dc=domain,dc=net
memberOf: cn=config,ou=group,dc=domain,dc=net
memberOf: cn=netbox,ou=group,dc=domain,dc=net

Hope this makes sense and I did it right :D

@Saša-Stjepan Bakša FYI

Now to try with MMR

Thanks,
Dave

On Mon, Aug 30, 2021 at 4:14 AM Saša-Stjepan Bakša <ssbaksa@gmail.com> wrote:


On Sun, 29 Aug 2021 at 16:50, Dave Macias <davama@gmail.com> wrote:
Thank you for the input!

I've been researching it a bit. As far as I understand, dynlist “allows for expansion of dynamic groups and more” (from the man). Also, I'm assuming that dynlist also works well with MMR syncrepl, yes? (Since memberof didn't)

I only have static groups.
Googling around showed that you can also use it against static groups…if I understood it correctly.

Would this overlay config help me for expanding against static groups using rfc2307bis schema? 

dn: olcOverlay=dynlist,olcDatabase=mdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcDynListConfig
olcOverlay: dynlist
olcDynListAttrSet: member

Thank you!


Hi David,

I have a similar situation and also a replicated environment. I am using posixGroup only and never had any need for a memberOf attribute.
But now, my devs have a software which insists on that attribute so I should provide it for them.
I have just started with testing it but don't have any result at this time, so if you solve it before me please post here what you did.
Or you can email me directly if you prefer that.

Br,

Saša
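
Added example (not part of the thread, and not OpenLDAP code): since applications often make authorization decisions on memberOf, this Python check compares the memberOf values dynlist returns for a user against the groupOfNames entries that actually list that user in member. The LDIF samples, the cn=wiki group, and the helper names are constructed for illustration; DN comparison is simplified and does not handle escaped commas.

```python
import base64

USER_DN = "uid=davetest,ou=People,dc=domain,dc=net"
# Constructed output of: ldapsearch -xLLL uid=davetest memberof (one folded line)
USER_LDIF = """\
dn: uid=davetest,ou=People,dc=domain,dc=net
memberOf: cn=config,ou=group,dc=domain,dc=net
memberOf: cn=netbox,ou=group,dc=domain,
 dc=net
"""
# Constructed output of: ldapsearch -xLLL "(member=<USER_DN>)" 1.1
# One DN is base64-encoded ("dn::"), as ldapsearch does for non-safe strings.
GROUP_LDIF = (
    "dn: cn=config,ou=group,dc=domain,dc=net\n\n"
    "dn:: " + base64.b64encode(b"cn=netbox,ou=group,dc=domain,dc=net").decode() + "\n\n"
    "dn: cn=wiki,ou=group,dc=domain,dc=net\n"
)

def ldif_values(text, attr):
    """Values of attr in ldapsearch -LLL output; unfolds lines, decodes '::'."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]            # RFC 2849 continuation line
        else:
            lines.append(raw)
    values = []
    for line in lines:
        name, sep, rest = line.partition(":")
        if not sep or name.lower() != attr.lower():
            continue
        if rest.startswith(":"):            # "attr:: <base64>"
            values.append(base64.b64decode(rest[1:].strip()).decode("utf-8"))
        else:
            values.append(rest.strip())
    return values

def norm(dn):
    """Loose DN normalisation: case-fold, trim spaces around ',' and '='."""
    rdns = dn.lower().split(",")
    return ",".join("=".join(p.strip() for p in r.split("=", 1)) for r in rdns)

def compare(user_ldif, group_ldif):
    """(missing, extra): groups listing the user but absent from memberOf, and the reverse."""
    computed = {norm(v) for v in ldif_values(user_ldif, "memberOf")}
    forward = {norm(v) for v in ldif_values(group_ldif, "dn")}
    return sorted(forward - computed), sorted(computed - forward)

if __name__ == "__main__":
    missing, extra = compare(USER_LDIF, GROUP_LDIF)
    print("listed in member but not in memberOf:", missing)
    print("in memberOf but no matching member value:", extra)
```

Running the same comparison against each provider in an MMR setup shows whether every node computes the same memberOf set for a user.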