I have configured OpenLDAP with the memberOf overlay and everything works as expected for me. I can see the group memberships in the operational attributes of an object.
Now i am running into the problem, that some applications do not request operational attributes when reading the user object from the directory. Namely i am currently having issues with opnsense and keycloak which appear to not pick up on the memberOf attribute. Opensense even has a tester utility which shows all queried information, and it only shows the non-operational attributes. Other users are describing similar issues in a github issue at opensense's github repository.
My naive solution, and what i have tried to google, is: is there a setting so i can specify which attributes are returned by default? I think that the issue would be solved if memberOf would be returned by default, and not only if operational attributes are requested?