Hi, Main LDAP server is 2.4 on openSUSE. The memberof overlay is in use. On any openSUSE clients (also OpenLDAP 2.4), ldapsearch on a uid with a '+' for the attribute arguments correctly returns the memberOf attributes as created by the overlay. On Scientific Linux 5.4 I have a build of OpenLDAP 2.4 (not mine, supplied by our vendor which repackages some components). I've setup a proxy server there which uses slapd-ldap to proxy connections back to the openSUSE LDAP server. On the SL system, ldapsearch talking directly to the openSUSE server correctly returns the memberOf attributes when using '+'. But when going through the local proxy server, they don't appear. The server log says "PROXIED attributeDescription "MEMBEROF" inserted"; if I specify the attribute explicitly (e.g. ldapsearch uid=liam memberof) the memberOf attributes are displayed, but all in capitals, as if there's a schema missing. One possibly important point: we're using the rfc2307bis schema on our main server, and this isn't supplied with the SL distribution of OpenLDAP, so I've just copied it over to the SL system. I think this suggests a broken build of OpenLDAP 2.4 supplied by our vendor, but is there anything I might be doing wrong? The proxy server's slapd.conf file is as so: include /cm/local/apps/openldap/etc/schema/core.schema include /cm/local/apps/openldap/etc/schema/cosine.schema include /cm/local/apps/openldap/etc/schema/inetorgperson.schema include /cm/local/apps/openldap/etc/schema/rfc2307bis.schema include /cm/local/apps/openldap/etc/schema/rcsperson.schema argsfile /var/run/openldap/slapd.args pidfile /var/run/openldap/slapd.pid database ldap monitoring off uri ldap://opensuse.ldapserver.example.com tls start tls_cacertdir=/etc/openldap/certs suffix dc=example,dc=com rootdn "cn=admin,dc=example,dc=com" -- Liam Gretton liam.gretton(a)le.ac.uk HPC Architect http://www.le.ac.uk/its/ IT Services Tel: +44 (0)116 2522254 University Of Leicester, University Road Leicestershire LE1 7RH, United Kingdom