I've been trying for 2 days now to get the memberof overlay of OpenLDAP to work and give some actual results. My database config:
database bdb
suffix "dc=example,dc=net"
checkpoint 1024 15
rootdn "cn=root,dc=exmple,dc=net"
rootpw {SSHA}stuffffffff
directory /var/lib/ldap
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
overlay memberof
Then
slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d/
Restart slapd and create a test user and a test group. Then run an LDAP search to see the result:
[root@sso openldap]# ldapsearch -W -H ldapi:/// "(uid=test123)" -b dc=example,dc=net memberOf
Enter LDAP Password:
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
# extended LDIF
#
# LDAPv3
# base <dc=example,dc=net> with scope subtree
# filter: (uid=test123)
# requesting: memberOf
#
# search result
search: 3
result: 0 Success
# numResponses: 1
And it is still not showing the memberOf attributes. According to the OpenLDAP documentation it should be exactly that simple: add overlay memberof to the slapd.conf and it should work. Any idea? Thanks.
I know this is an old thread, but maybe this will help somebody else. I am a noob that recently installed and used the memberOf overlay on an OpenLDAP 2.4.31 (Ubuntu 14.04 LTS) server. The most important things I learned were:
Since OpenLDAP version 2.3, configuration is done dynamically (OLC) using Directory Information Trees, optionally making the static slapd.conf method obsolete. Use it.
Add the memberof and refint overlays as explained here
EDIT: Keep in mind that this overlay works with (among others) the groupOfNames objectClass and does not work with the standard posixGroup objectClass.
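The OLC setup the answer describes, written out as an added example (not part of the original posts): both overlays configured under cn=config, followed by a groupOfNames entry that the memberof overlay will act on. The module path, the `{1}hdb` database index, the `ou=People`/`ou=Groups` containers and the group name are assumptions; the suffix and `uid=test123` come from the question.

```ldif
# --- cn=config changes: ldapadd -Y EXTERNAL -H ldapi:/// -f overlays.ldif ---
# Assumed: modules are in /usr/lib/ldap and the data database is {1}hdb.
# List your own entries with: ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=config dn
dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
olcModulePath: /usr/lib/ldap
olcModuleLoad: memberof
olcModuleLoad: refint

# memberof: writes memberOf on every entry named in a group's member attribute
dn: olcOverlay=memberof,olcDatabase={1}hdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcMemberOf
olcOverlay: memberof
olcMemberOfGroupOC: groupOfNames
olcMemberOfMemberAD: member
olcMemberOfMemberOfAD: memberOf
olcMemberOfRefInt: TRUE
olcMemberOfDangling: ignore

# refint: cleans up member/memberOf values when a referenced entry is
# deleted or renamed, so no stale group memberships are left behind
dn: olcOverlay=refint,olcDatabase={1}hdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcRefintConfig
olcOverlay: refint
olcRefintAttribute: memberOf member

# --- directory data: ldapadd -x -D <rootdn> -W -f group.ldif ---
# Constructed sample group. It must be groupOfNames (member holds full DNs);
# a posixGroup with memberUid values is ignored by the overlay.
dn: cn=testgroup,ou=Groups,dc=example,dc=net
objectClass: groupOfNames
cn: testgroup
member: uid=test123,ou=People,dc=example,dc=net
```

The overlay only fills in memberOf for groups added or modified after it is loaded, so groups that already existed have to be re-added or have their member values rewritten. memberOf is an operational attribute and is returned only when requested by name, as the ldapsearch in the question does.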