> Hi, > > I searched the lists and the Internet, but only a small portion of > people seem to have the same problem. So I don't know, what's maybe > wrong with my setup. > One hint I found at: > http://serverfault.com/questions/73213/how-do-i-configure-reverse-group-membership-maintenance-on-an-openldap-server-m > > I try to use the memberOf overlay in an openldap 2.4.11 (debian lenny) > installation. This works so far. But if I'm going to modify a member > attribute (add, delete, and modify) this change does not update the > memberOf attributes returned. So in case of a deletion, the > corresponding attribute memberOf still exists. > > Example: > dn: cn=example,ou=management,ou=groups,dc=domain > changetype: modify > delete: member > member: cn=my.name,o=uwue,ou=identities,dc=domain > > ldapsearch still returns: > > # ldapsearch -x -LLL -H ldaps://server:636 -b ou=identities,dc=domain -W > -D cn=admin,dc=domain cn=my.name memberOf > Enter LDAP Password: > dn: cn=my.name,... > memberOf: cn=xxx,ou=groups,dc=german-lab,dc=de > memberOf: cn=xxy,ou=groups,dc=german-lab,dc=de > memberOf: cn=example,ou=management,ou=groups,dc=german-lab,dc=de > > => Does not work
I don't see "cn=example,ou=management,ou=groups,dc=domain" among memberOf's of "cn=my.name..." (assuming "..." stands for ",o=uwue,ou=identities,dc=domain", of course). I've tested the current implementation of slapo-memberof (test52 of the test suite) and I don't see any strange behavior. You should provide a little bit more info, including your configuration and a clear set of LDIFs that allow to exactly create your database prior to modification, and a modification that results in an incorrect behavior. Also, I note that 2.4.11 is relatively old. If you compare just the memberof.c file between 2.4.11 and 2.4.19 you'll note hundreds of lines of changes. p.
