Enabling-openldap-memberof.md

+# Enabling MemberOf (OpenLDAP)
+
+1. Create `memberof_config.ldif` file
+
+```ldif
+dn: cn=module,cn=config
+cn: module
+objectClass: olcModuleList
+olcModuleLoad: memberof
+olcModulePath: /usr/lib/ldap
+
+dn: olcOverlay={0}memberof,olcDatabase={1}hdb,cn=config
+objectClass: olcConfig
+objectClass: olcMemberOf
+objectClass: olcOverlayConfig
+objectClass: top
+olcOverlay: memberof
+olcMemberOfDangling: ignore
+olcMemberOfRefInt: TRUE
+olcMemberOfGroupOC: groupOfNames
+olcMemberOfMemberAD: member
+olcMemberOfMemberOfAD: memberOf
+```
+
+2. Create `refint1.ldif` file
+
+```ldif
+dn: cn=module{1},cn=config
+add: olcmoduleload
+olcmoduleload: refint
+```
+
+3. Create `refint2.ldi` file
+
+```ldif
+dn: olcOverlay={1}refint,olcDatabase={1}hdb,cn=config
+objectClass: olcConfig
+objectClass: olcOverlayConfig
+objectClass: olcRefintConfig
+objectClass: top
+olcOverlay: {1}refint
+olcRefintAttribute: memberof member manager owner
+```
+
+4. To set up the memberof module and configure it, run this command:
+
+```
+sudo ldapadd -Q -Y EXTERNAL -H ldapi:/// -f memberof_config.ldif
+```
+
+5. To load and configure the refint module
+
+```
+sudo ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f /tmp/refint1.ldif
+sudo ldapadd -Q -Y EXTERNAL -H ldapi:/// -f /tmp/refint2.ldif
+```
+
+>Every group created before this module is enabled has to be deleted and remade in order for these changes to take effect. LDAP assigns a "member" attribute behind the scenes to existing users when creating a group.
\ No newline at end of file