When a group name is changed, a Group Update provisioning action is executed. However, if the 'isMemberOf' eduMember-objectclass attribute is enabled, the group name is available on each members entry. The LdapProvisioner does not update those attributes in this case and the isMemberOf subsequently points to a non-existing reference.

To reproduce:

• create a group
• make someone a member of the group
• enable the LdapProvisioner, configure the eduMember objectclass and enable isMemberOf and hasMember attributes. Allow for automatic provisioning.
• Click on 'reprovision all'
• Note that the isMemberOf attributes are synchronised to the correct group name
• Change the group name
• Note that the isMemberOf attribute has not changed, but the group DN did change

Reprovisioning all members of such groups seems like overkill. Probably the rename operation for groups need to be caught while provisioning and a similar rename operation needs to be performed for the isMemberOf attribute of all members.