Hello Quanah,
Thanks for clarification.
That confuses me a little bit. All replication on openLDAP are based on syncreplication (slurpd is vanished a long time ago) So what kind of replication means the manual page (-> "Replica servers")?
It means that you run it in a replicated environment at your own risk. Unfortunately, there is no defined standard for the "memberOf" functionality (it's a MS hack) and so there's nothing that details how it should or shouldn't behave with replication. In general, things work fine as long as:
a) The server(s) never go into REFRESH and b) You never bring up a new replica with an empty database (which then does a full REFRESH)
That means, if I run in mirrormode, I can turn on the memberOf overlay on the active openLDAP server and off on the slave. Then REFESH ist supported?! In emegency case (hardware error) I can make the mirror (manual) aktive an turn the overlay on?!
Thanks Meike