diff --git a/docs/rolereference.rst b/docs/rolereference.rst index 3f4ab8d18680e8544582d71c50a53570cddecf08..4cb0879b30522cb0fa11258ac7ef310c26f4c509 100644 --- a/docs/rolereference.rst +++ b/docs/rolereference.rst @@ -348,6 +348,11 @@ The role implements the following: * Configures OpenLDAP server (base DN - domain, organisation, TLS, SSF, log levels). * Sets-up separate log file for OpenLDAP server at ``/var/log/slapd.log`` (with log rotation included). +* Enables the ``memberof`` overlay on top of default database. The overlay is + configured to keep track of membership changes for object class + ``groupOfUniqueNames`` via attribute ``uniqueMember``. Enforcement of + referential integrity is turned on as well (modifications of ``memberof`` + attribute will update corresponding group as well. * Configures permissions. * Creates LDAP entries. diff --git a/roles/ldap_server/tasks/main.yml b/roles/ldap_server/tasks/main.yml index 13505c619f7c8379b099c7ecc2c9c453c965375b..fb9bc2b94be7da8badcfe7bb25bec06f8032ff6e 100644 --- a/roles/ldap_server/tasks/main.yml +++ b/roles/ldap_server/tasks/main.yml @@ -54,6 +54,9 @@ - olcMemberOf - olcOverlayConfig olcOverlay: memberof + olcMemberOfRefInt: "TRUE" + olcMemberOfGroupOC: groupOfUniqueNames + olcMemberOfMemberAD: uniqueMember - name: Apply database permissions ldap_permissions:
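Review bot: In the docs/rolereference.rst hunk, the new bullet opens a parenthesis at "(modifications of ``memberof`` attribute will update corresponding group as well." and never closes it. The sentence also ends in "as well" twice. Suggest: "Enforcement of referential integrity is turned on as well (modifications of the ``memberof`` attribute will update the corresponding group)." Also "on top of default database" reads better as "on top of the default database".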
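Review bot: In the roles/ldap_server/tasks/main.yml hunk, olcMemberOfRefInt: "TRUE" is set without any visible check that write access to ``memberof`` is restricted. According to the documentation added in this same patch, modifying ``memberof`` on an entry updates the corresponding group, so anyone allowed to write that attribute can change group membership. Please confirm that the "Apply database permissions" task that follows does not grant write access to ``memberof`` more widely than to ``uniqueMember``, and add a short comment above the three new lines saying so. Separately, olcMemberOfGroupOC and olcMemberOfMemberAD are hard-coded to groupOfUniqueNames and uniqueMember, so groups of any other object class will not be tracked. A one-line comment noting that this is intentional would help the next reader.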