add memberof overlay,

fix init order for memberof overlay

init.template.ldif

@@ -8,13 +8,7 @@ dn: ou=groups,$BASE_DN
 objectClass: organizationalUnit
 ou: groups
 
-# admin group
+# initial user 
-dn: cn=admins,ou=groups,$BASE_DN
-objectClass: groupOfNames
-member: uid=$ADMIN_ID,ou=people,$BASE_DN
-cn: admins
-
-# paas user 
 dn: uid=$ADMIN_ID,ou=people,$BASE_DN
 objectClass: inetOrgPerson
 mail: $ADMIN_EMAIL
@@ -22,3 +16,9 @@ cn: $ADMIN_CN
 sn: $ADMIN_SN
 uid: $ADMIN_ID
 userPassword: $ADMIN_PASSWD
+
+# admin group
+dn: cn=admins,ou=groups,$BASE_DN
+objectClass: groupOfNames
+member: uid=$ADMIN_ID,ou=people,$BASE_DN
+cn: admins

pass.template.ldif

@@ -1,9 +1,10 @@
-# load pw-sha2 module
+# load modules: pw-sha2, ppolicy, memberof
 dn: cn=module{0},cn=config
 changetype: modify
 add: olcModuleLoad
 olcModuleLoad: pw-sha2.la
 olcModuleLoad: ppolicy.la
+olcModuleLoad: memberof.la
 
 # set default password hash to SSHA512
 dn: olcDatabase={-1}frontend,cn=config
@@ -21,3 +22,15 @@ olcPPolicyDefault: cn=password,ou=policies,$BASE_DN
 olcPPolicyHashCleartext: TRUE
 olcPPolicyUseLockout: FALSE
 olcPPolicyForwardUpdates: FALSE
+
+# add memberof policy
+dn: olcOverlay=memberof,olcDatabase={1}mdb,cn=config
+changetype: add
+objectClass: olcOverlayConfig
+objectClass: olcMemberOf
+olcOverlay: memberof
+olcMemberOfDangling: ignore
+olcMemberOfRefInt: TRUE
+olcMemberOfGroupOC: groupOfNames
+olcMemberOfMemberAD: member
+olcMemberOfMemberOfAD: memberOf