> Hi,
>
> Main LDAP server is 2.4 on openSUSE. The memberof overlay is in use.
>
> On any openSUSE clients (also OpenLDAP 2.4), ldapsearch on a uid with a
> '+' for the attribute arguments correctly returns the memberOf
> attributes as created by the overlay.
>
> On Scientific Linux 5.4 I have a build of OpenLDAP 2.4 (not mine,
> supplied by our vendor which repackages some components). I've set up a
> proxy server there which uses slapd-ldap to proxy connections back to
> the openSUSE LDAP server.
>
> On the SL system, ldapsearch talking directly to the openSUSE server
> correctly returns the memberOf attributes when using '+'. But when going
> through the local proxy server, they don't appear. The server log says
> "PROXIED attributeDescription "MEMBEROF" inserted"; if I specify the
> attribute explicitly (e.g. ldapsearch uid=liam memberof) the memberOf
> attributes are displayed, but all in capitals, as if there's a schema
> missing.

The schema definition of memberOf is in fact missing in the proxy. That definition is hardcoded in slapo-memberof(5). Your build probably has slapo-memberof(5) built as a module, or not built at all. You need to just load the module, so the schema definition takes place.

p.
