Hello everyone,
I am struggling to make an openldap/meta configuration work:
I have two Active Directory domains/servers: dc=mysite,dc=com and dc=other,dc=mysite,dc=com
My goal is to integrate both domains with an application that can integrate with a SINGLE LDAP source for user authentication.
I'd like to build an OpenLDAP meta/proxy to build a virtual tree with
mysite.com (empty)
--- ou=virtual,dc=mysite,dc=com
--- ou=other,dc=mysite,dc=com

I'm working with this configuration:
database meta
suffix   "dc=mysite,dc=com"
..
uri          "ldap://SRV-xxxxxx/ou=virtual,dc=mysite,dc=com"
readonly      yes
lastmod       off
suffixmassage "ou=virtual,dc=mysite,dc=com" "dc=mysite,dc=com"

uri "ldap://SRV-yyyy/ou=other,dc=mysite,dc=com"
readonly      yes
lastmod       off
suffixmassage "ou=other,dc=mysite,dc=com" "dc=other,dc=mysite,dc=com"

The LDAP tree is accessible but the group membership is wrong: the value of the memberof attribute for every user still has the original value, not the remapped value, for example:
cn=user,ou=someou,dc=mysite,dc=com
cn=somegroup,ou=groups,dc=mysite,dc=com
are seen by the client as
cn=user,ou=someou,ou=virtual,dc=mysite,dc=com
cn=somegroup,ou=groups,ou=virtual,dc=mysite,dc=com
but the memberof attribute of user.someou.mysite.com is
cn=somegroup,ou=groups,dc=mysite,dc=com
I expect it to be
memberof=cn=somegroup,ou=groups,ou=virtual,dc=mysite,dc=com

Can someone advise if this is the correct way to address this problem?
Can someone point me to the proper documentation?

Thank you
Marco
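
Added example, not part of the original post: a Python check that reads LDIF as returned through the proxy and reports DN-valued attributes still pointing outside the virtual naming contexts, which is the symptom described above and matters when the application authorizes by group DN. The attribute set, the function names and the sample LDIF are constructed for illustration; DN comparison is simplified (no escaped commas, no base64 values).

```python
# Virtual naming contexts taken from the post's suffixmassage lines.
VIRTUAL_SUFFIXES = ["ou=virtual,dc=mysite,dc=com", "ou=other,dc=mysite,dc=com"]
DN_ATTRS = {"memberof", "member"}  # assumption: attributes expected to hold DNs

def norm(dn):
    """Lowercase and drop spaces around ',' and '='; enough for suffix comparison."""
    return ",".join("=".join(p.strip() for p in rdn.split("=", 1))
                    for rdn in dn.lower().split(","))

def in_virtual_tree(dn):
    # Prefixing ',' makes an exact suffix match and a subtree match the same test.
    return any(("," + norm(dn)).endswith("," + s) for s in VIRTUAL_SUFFIXES)

def parse_ldif(text):
    """Yield entries as lists of (attr, value); folded lines are joined first."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # LDIF continuation line
        else:
            lines.append(raw)
    entry = []
    for line in lines + [""]:             # trailing "" flushes the last entry
        if not line.strip():
            if entry:
                yield entry
            entry = []
        elif not line.startswith("#") and ":" in line:
            attr, _, val = line.partition(":")
            entry.append((attr.strip().lower(), val.strip()))

def unmapped_values(ldif_text):
    """Return (entry_dn, attr, value) for DN values outside the virtual tree."""
    findings = []
    for entry in parse_ldif(ldif_text):
        dn = next((v for a, v in entry if a == "dn"), None)
        for attr, val in entry:
            if attr in DN_ATTRS and not in_virtual_tree(val):
                findings.append((dn, attr, val))
    return findings

# Constructed sample: first entry shows the unmapped memberOf from the post,
# second entry shows the expected (remapped) value on a folded line.
SAMPLE = """\
dn: cn=user,ou=someou,ou=virtual,dc=mysite,dc=com
memberOf: cn=somegroup,ou=groups,dc=mysite,dc=com

dn: cn=user2,ou=someou,ou=virtual,dc=mysite,dc=com
memberOf: cn=somegroup,ou=groups,ou=virtual,
 dc=mysite,dc=com
"""
```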