We are running openldap 2.4.11.
The "base" dn is "dc=foo,dc=com", under this, there are two
organizationalunits "ou=people,dc=foo,dc=com" and
Entries under "groups" use objectclass groupOfNames.
Entries under "people" use objectclass inetOrgPerson.
Each group entry has some "member" attributes, each of them
to one user dn. With this we have the "list of members that the group
Also we are using the "memberof" overlay (memberof.la) that
automatically "inserts" "memberof" attributes to each user, so each
user, has a list of memberof attributes (one for each group that the
user belongs to).
At this point all is OK and working fine.
Now we need another overlay that "inserts" a new "text" attribute
each user called for example "groups" that contains a string with all
the groups that the user belongs to.
Note that we need to have this with only ONE attribute (NOT one
attribute for each group that the user belongs to).
It is possible?
Not with stock OpenLDAP. Also, this is an abuse of LDAP's data model.
You can do this by implementing a custom overlay.