Ldap – can’t get “memberof” to work in the OpenLDAP config


I'm trying to set up OpenLDAP on a Debian 7.7 server.

While basic auth seems to work, I can't get the "memberof" overlay to work.

As I'm new to LDAP, all that memberof config seems overly complex to me, despite having read numerous tutorials…

In my current config I mostly followed the tutorial at http://gos.si/blog/installing-openldap-on-debian-squeeze-with-olc

I say mostly, because I skipped the step in the "Creating a LDAP Database" section. The reason is that I can't create my database since the desired olcRootDN (cn=admin,dc=indunet,dc=it) is already taken. It's already there right after installing slapd using aptitude. Maybe it's a left-over from a previous installation, but I did aptitude purge slapd and even removed the /var/lib/ldap/ directory and made sure there were no more .ldif files around, so I have no clue where cn=admin,dc=indunet,dc=it comes from.

So, I tried to configure the pre-existing database olcDatabase={1}hdb,cn=config this way (I've added the highlighted entry):

For reference, the parent group (the "database") has these attributes:

I can see this config only when logging in with the bind DN cn=admin,cn=config. I can't add users/groups there (probably because that's just for configuration, right?). So I added a few groups and a user using the DN cn=admin,dc=indunet,dc=it in phpLDAPadmin.

In Apache DS that config looks like this:


I'm not sure if memberOf should be visible in this screen (I guess so), but anyway that attribute is definitely not being sent to the client that depends on it.

It wouldn't surprise me if my config is completely broken, but I spent 2 days trying to fix this and honestly have run out of ideas…

Update

After playing around with LDAP for a while, this is my new current tree:

Best Answer

I guess you don't quite understand how memberof works.

http://www.openldap.org/doc/admin24/guide.html#Reverse%20Group%20Membership%20Maintenance

You should create cn=Udo as inetOrgPerson in 'cn=users,dc=indunet,dc=it', then you should create cn=plainuser as groupOfMembers or groupOfUniqueMembers in 'cn=groups,dc=indunet,dc=it', then you should add a 'Member' or 'UniqueMember' attribute to cn=plainuser,cn=groups,dc=indunet,dc=it.

After that you will get 'MemberOf' attribute in 'cn=Udo,cn=users,dc=indunet,dc=it'.

Also, remember that this attribute is normally hidden. To see this attribute, you must enable the display of operational attributes.
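As an added example (not part of the question or the answer), the steps above written out as LDIF for this server: the first two entries enable the memberof overlay on the existing olcDatabase={1}hdb and are applied with the config DN cn=admin,cn=config; the last two create the user and group and are applied with the data DN cn=admin,dc=indunet,dc=it. It assumes the Debian default module entry cn=module{0} with olcModulePath /usr/lib/ldap, that the containers cn=users and cn=groups already exist, and it uses the standard groupOfNames object class for the group.

```ldif
# 1. Load the overlay module into the running slapd (cn=module{0} and the
#    module path are assumed to match Debian's default slapd config).
dn: cn=module{0},cn=config
changetype: modify
add: olcModuleLoad
olcModuleLoad: memberof

# 2. Attach the overlay to the existing database olcDatabase={1}hdb.
#    olcMemberOfRefInt keeps memberOf consistent when a group or a member
#    entry is deleted; the other settings name the group class and attributes
#    the overlay watches.
dn: olcOverlay=memberof,olcDatabase={1}hdb,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcMemberOfConfig
olcOverlay: memberof
olcMemberOfRefInt: TRUE
olcMemberOfGroupOC: groupOfNames
olcMemberOfMemberAD: member
olcMemberOfMemberOfAD: memberOf

# 3. The user entry; cn=users,dc=indunet,dc=it is assumed to exist.
dn: cn=Udo,cn=users,dc=indunet,dc=it
changetype: add
objectClass: inetOrgPerson
cn: Udo
sn: Udo

# 4. The group. It is this write, performed AFTER the overlay is active, that
#    makes slapd set memberOf on cn=Udo. Groups added before the overlay was
#    enabled are not back-filled; re-add them or re-apply their member values.
dn: cn=plainuser,cn=groups,dc=indunet,dc=it
changetype: add
objectClass: groupOfNames
cn: plainuser
member: cn=Udo,cn=users,dc=indunet,dc=it
```

Because memberOf is an operational attribute, request it explicitly when checking the result, for example `ldapsearch -x -D cn=admin,dc=indunet,dc=it -W -b cn=users,dc=indunet,dc=it '(cn=Udo)' memberOf` (or `+` to return all operational attributes).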