This is how filters work in LDAP. It sounds to me like things are working correctly. I.e., if I search for "objectClass=joe" objectClass, it will return every entry that has an objectClass value of joe, and all the values for objectClass. If I search for "(member=uid=user1,ou=users,dc=example,dc=com)", it will return to me every group that has a member attribute matching that value. I see nothing wrong in the behavior here, just in the understanding of how filters work. Let me know if you have further questions.
To expand on this a little bit more:LDAP filters are used to limit the number of entries returned. They do not limit attr=value pairs.
Generally, with groups, the most common operation is the ldapcompare operation. It lets you "ask" whether or not a given value is assigned to an attribute in a specific entry.
I.e., I can ask "Is uid=user1,ou=users,dc=example,dc=com a value for the member attribute in the group cn=testgroup ou=Groups,dc=example,dc=com" using the ldapcompare operation. It will answer one of three ways: TRUE, FALSE, or UNDEFINED.
<http://www.openldap.org/software/man.cgi?query=ldapcompare&apropos=0&sektion=0&manpath=OpenLDAP+2.4-Release&format=html> --Quanah -- Quanah Gibson-Mount Principal Software Engineer Zimbra, Inc -------------------- Zimbra :: the leader in open source messaging and collaboration