I am using the "LDAP Admin” tool to update an OpenLDAP server on Windows. This works just fine.
However, when I update members of a group in LDAP with LDAP Admin, those changes are not be seen by another application which queries LDAP (Atlassian's Crowd). Clearly this application is caching results from LDAP and there is a bug in that application's caching where updates don't get detected (I can always see changes made with LDAP Admin with other LDAP). If I update LDAP with other clients (python-ldap, phpldapadmin), then that application has no problem seeing the updates. It’s only when modifications are made with LDAP Admin that updates aren’t seen.
Yeah, it's a super weird bug …
Is there something on an OpenLDAP server which tells clients if an entry has been modified? And it’s possible to somehow bypass that thing which gets updated?
I can modify a group with LDAP Admin and run an LDIF and see that the modifyTimestamp field is being properly updated. I'm totally stumped as to how an OpenLDAP entry can be updated in a way that another client (with possibly aggressive or buggy query result caching) is able to somehow ignore that update.