Re: memberOf attributes not working through slapd-ldap backend

[masarati@aero.polimi.it]

> Hi,
>
> Main LDAP server is 2.4 on openSUSE. The memberof overlay is in use.
>
> On any openSUSE clients (also OpenLDAP 2.4), ldapsearch on a uid with a
> '+' for the attribute arguments correctly returns the memberOf
> attributes as created by the overlay.
>
> On Scientific Linux 5.4 I have a build of OpenLDAP 2.4 (not mine,
> supplied by our vendor which repackages some components). I've setup a
> proxy server there which uses slapd-ldap to proxy connections back to
> the openSUSE LDAP server.
>
> On the SL system, ldapsearch talking directly to the openSUSE server
> correctly returns the memberOf attributes when using '+'. But when going
> through the local proxy server, they don't appear. The server log says
> "PROXIED attributeDescription "MEMBEROF" inserted"; if I specify the
> attribute explicitly (e.g. ldapsearch uid=liam memberof) the memberOf
> attributes are displayed, but all in capitals, as if there's a schema
> missing.

The schema definition of memberOf is in fact missing in the proxy.  That
definition is hardcoded in slapo-memberof(5).  Your build probably has
slapo-memberof(5) built as module, or not built at all.  You need to just
load the module, so the schema definition takes place.

p.