I have a new LDAP server that I have integrated with my sites for SSO. It mostly works great, except for LDAP group membership. Here is the relevant LDIF from my test server:
Notice the "duplicate" memberUid. Both uid and uidNumber seem to be required. If I remove the uidNumber, then the user does now show up in the group member list in the Plone Users control panel. If I remove the uid, then the user is not seen as a member of the group, and they do not inherit the group's permissions.
This seems like a bug, but I would be surprised that no one else seems to have reported it. I suppose it could be some weird artifact of my setup, but it would be easy to believe the plugin is checking uid in one place and uidNumber in another.
Running openslap on Ubunut 16.04 LTS.