memberOf does not Update on Group Modify

[Robert Henjes <henjes@informatik.uni-wuerzburg.de>]

Hi,

I searched the lists and the Internet, but only a small portion of
people seem to have the same problem. So I don't know, what's maybe
wrong with my setup.
One hint I found at:
http://serverfault.com/questions/73213/how-do-i-configure-reverse-group-membership-maintenance-on-an-openldap-server-m

I try to use the memberOf overlay in an openldap 2.4.11 (debian lenny)
installation. This works so far. But if I'm going to modify a member
attribute (add, delete, and modify) this change does not update the
memberOf attributes returned. So in case of a deletion, the
corresponding attribute memberOf still exists.

Example:
dn: cn=example,ou=management,ou=groups,dc=domain
changetype: modify
delete: member
member: cn=my.name,o=uwue,ou=identities,dc=domain

ldapsearch still returns:

# ldapsearch -x -LLL -H ldaps://server:636 -b ou=identities,dc=domain -W
-D cn=admin,dc=domain cn=my.name memberOf
Enter LDAP Password: 
dn: cn=my.name,...
memberOf: cn=xxx,ou=groups,dc=german-lab,dc=de
memberOf: cn=xxy,ou=groups,dc=german-lab,dc=de
memberOf: cn=example,ou=management,ou=groups,dc=german-lab,dc=de

=> Does not work

 - Restarting the slapd daemon does not help.
 - Using slapd.conf or cn=config makes no difference

If I remove the complete groupOfNames object and reimport it as a ldif
file, the new imported options are respected and correctly updated. But
this behavior is very ugly in practice.

So do you have any ideas, what to do?

Thank you very much in advance,
Robert Henjes

-- 
Dipl.-Inform. Robert Henjes
University of Wuerzburg,
Institute of Computer Science,
Chair of Distributed Systems (Informatik III),
Am Hubland, 97074 Wuerzburg, Germany

henjes@informatik.uni-wuerzburg.de
Tel: +49 931 31-86652
Fax: +49 931 888-6632