I just installed OpenLDAP 2.4.44 with the overlay memberOf. I configured the overlay to use uniquemember and groupOfUniqueNames for the attribute:
overlay memberof
memberof-group-oc groupOfUniqueNames
memberof-member-ad uniquemember
The problem is that the attribute memberOf seems to only be applied to the first entry of the group. If I have a group with more than one uniqueMember, only the first one is returned when I do a query by memberOf. And if I try to get the attribute memberOf for any other entry, it returns empty, like it does not belong to the group. Any idea?
Well, it was actually a silly thing, but in case somebody has the same issue in the future, I posted the solution here. It wasn't a problem with OpenLDAP but with the data import. The load was done from an existing LDIF file. For some reason the order of the file was something like this:
dn: cn=Employee1, cn=employees, dc=dev, dc=company,dc=com
cn: Employee1
objectClass: organizationalPerson
objectClass: top
objectClass: person
objectClass: inetOrgPerson

dn: cn=Employees,cn=groups,dc=dev, dc=company,dc=com
objectClass: groupOfUniqueNames
uniqueMember: cn=Employee1, cn=employees, dc=dev, dc=company,dc=com
uniqueMember: cn=Employee2, cn=employees, dc=dev, dc=company,dc=com
uniqueMember: cn=Employee3, cn=employees, dc=dev, dc=company,dc=com
cn: Employees

dn: cn=Employee2, cn=employees, dc=dev, dc=company,dc=com
cn: Employee2
objectClass: organizationalPerson
objectClass: top
objectClass: person
objectClass: inetOrgPerson

dn: cn=Employee3, cn=employees, dc=dev, dc=company,dc=com
cn: Employee3
objectClass: organizationalPerson
objectClass: top
objectClass: person
objectClass: inetOrgPerson
So only the first entry existed before the group with the references to all entries was imported, and memberOf worked for that first entry, but not for the entries imported later.
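A pre-import check for the ordering problem described in this answer, as an added example that is not part of the original post: it flags every uniqueMember value whose entry has not yet appeared in the LDIF, and rewrites the file so groups are loaded last. The function names and the sample data are constructed for illustration, and DN comparison is simplified (case and spacing only).

```python
import re
# Constructed sample reproducing the ordering from the answer (trimmed).
SAMPLE_LDIF = """\
dn: cn=Employee1, cn=employees, dc=dev, dc=company,dc=com
objectClass: inetOrgPerson

dn: cn=Employees,cn=groups,dc=dev, dc=company,dc=com
objectClass: groupOfUniqueNames
uniqueMember: cn=Employee1, cn=employees, dc=dev, dc=company,dc=com
uniqueMember: cn=Employee2, cn=employees, dc=dev, dc=company,dc=com

dn: cn=Employee2, cn=employees, dc=dev, dc=company,dc=com
objectClass: inetOrgPerson
"""

def norm_dn(dn):
    # Simplified: ignores case and spaces around commas; no escaped commas or base64 ("::") values.
    return ",".join(p.strip().lower() for p in dn.split(","))

def parse(ldif):
    """Return a list of (normalized dn, member DNs, raw entry text) per entry."""
    ldif = re.sub(r"\n ", "", ldif)           # unfold LDIF continuation lines
    entries = []
    for block in re.split(r"\n\s*\n", ldif.strip()):
        dn, members = None, []
        for line in block.splitlines():
            attr, _, value = line.partition(":")
            if attr.lower() == "dn":
                dn = norm_dn(value)
            elif attr.lower() == "uniquemember":
                members.append(norm_dn(value))
        if dn:
            entries.append((dn, members, block))
    return entries

def late_members(ldif):
    """Pairs (group dn, member dn) where the member is not loaded before the group."""
    seen, problems = set(), []
    for dn, members, _ in parse(ldif):
        problems += [(dn, m) for m in members if m not in seen]
        seen.add(dn)
    return problems

def members_first(ldif):
    """Reorder so entries without uniqueMember values precede the groups."""
    entries = parse(ldif)
    ordered = [e for e in entries if not e[1]] + [e for e in entries if e[1]]
    return "\n\n".join(block for _, _, block in ordered) + "\n"
```

A member still reported after reordering is missing from the file entirely, so the group references a DN that the import never creates.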