Hi,
Main LDAP server is 2.4 on openSUSE. The memberof overlay is in use.
On any openSUSE clients (also OpenLDAP 2.4), ldapsearch on a uid with a '+' for the attribute arguments correctly returns the memberOf attributes as created by the overlay.
On Scientific Linux 5.4 I have a build of OpenLDAP 2.4 (not mine, supplied by our vendor which repackages some components). I've setup a proxy server there which uses slapd-ldap to proxy connections back to the openSUSE LDAP server.
On the SL system, ldapsearch talking directly to the openSUSE server correctly returns the memberOf attributes when using '+'. But when going through the local proxy server, they don't appear. The server log says "PROXIED attributeDescription "MEMBEROF" inserted"; if I specify the attribute explicitly (e.g. ldapsearch uid=liam memberof) the memberOf attributes are displayed, but all in capitals, as if there's a schema missing.
The schema definition of memberOf is in fact missing in the proxy. That definition is hardcoded in slapo-memberof(5). Your build probably has slapo-memberof(5) built as module, or not built at all. You need to just load the module, so the schema definition takes place.
p.