I have a new LDAP server that I have integrated with my sites for SSO. It mostly works great, except for LDAP group membership. Here is the relevant LDIF from my test server:

dn: uid=user,ou=People,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: user
uidNumber: 10000
gidNumber: 5000

dn: cn=group,ou=Groups,dc=example,dc=com
objectClass: posixGroup
cn: group
gidNumber: 5000
memberUid: user
memberUid: 10000

Notice the "duplicate" memberUid. Both uid and uidNumber seem to be required. If I remove the uidNumber, then the user does not show up in the group member list in the Plone Users control panel. If I remove the uid, then the user is not seen as a member of the group, and they do not inherit the group's permissions.
This seems like a bug, but I would be surprised that no one else seems to have reported it. I suppose it could be some weird artifact of my setup, but it would be easy to believe the plugin is checking uid in one place and uidNumber in another.
Running OpenLDAP on Ubuntu 16.04 LTS.
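
A diagnostic sketch for the situation described in the post, added here as an example and not taken from the poster or from any Plone plugin: it parses the LDIF above and reports which user attribute each memberUid value resolves to, which makes mixed uid/uidNumber membership visible when auditing who inherits a group's permissions. The function names `parse_ldif` and `classify_members` are hypothetical, and the parser assumes plain LDIF without base64 values or folded lines.

```python
# Added example (not the poster's code). Input is the LDIF quoted in the post.
LDIF = """\
dn: uid=user,ou=People,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: user
uidNumber: 10000
gidNumber: 5000

dn: cn=group,ou=Groups,dc=example,dc=com
objectClass: posixGroup
cn: group
gidNumber: 5000
memberUid: user
memberUid: 10000
"""

def parse_ldif(text):
    """Parse simple LDIF into a list of {attribute(lowercased): [values]} dicts."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if not line.strip() or line.startswith("#"):
                continue
            attr, _, value = line.partition(":")
            entry.setdefault(attr.strip().lower(), []).append(value.strip())
        if entry:
            entries.append(entry)
    return entries

def has_class(entry, name):
    return name.lower() in (v.lower() for v in entry.get("objectclass", []))

def classify_members(entries):
    """Map each posixGroup DN to [(memberUid value, matched attribute, user DN)]."""
    users = [e for e in entries if has_class(e, "posixAccount")]
    by_uid = {u: e["dn"][0] for e in users for u in e.get("uid", [])}
    by_num = {n: e["dn"][0] for e in users for n in e.get("uidnumber", [])}
    report = {}
    for group in (e for e in entries if has_class(e, "posixGroup")):
        rows = []
        for member in group.get("memberuid", []):
            if member in by_uid:        # value is a login name
                rows.append((member, "uid", by_uid[member]))
            elif member in by_num:      # value is a numeric uidNumber
                rows.append((member, "uidNumber", by_num[member]))
            else:                       # value matches no known account
                rows.append((member, "unresolved", None))
        report[group["dn"][0]] = rows
    return report
```
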