On 1/8/20 7:07 PM, Quanah Gibson-Mount wrote: > --On Wednesday, January 8, 2020 3:25 PM +0000 [email protected] > wrote: > >> is there a way to disable OpenLDAP checking entries for existence of >> STRUCTURAL objectclasses? > > No. This is a hard requirement. The best option would be to fix the > bad data in your upstream system.
One possibility to fix this: Define a new STRUCTURAL object class derived from different other STRUCTURAL object classes. E.g. in Æ-DIR I'm using this to provide hybrid posixGroup entries serving RFC 2307 and RFC 2307bis groups: ( 1.3.6.1.4.1.5427.1.389.100.6.1 NAME 'aeGroup' DESC 'AE-DIR: Group entry' SUP ( groupOfEntries $ posixGroup $ groupOfURLs $ aeObject ) STRUCTURAL MUST description MAY ( aeMemberZone $ aeDept $ aeLocation ) ) This works because unlike other LDAP directory servers OpenLDAP supports multiple class inheritance. Ciao, Michael.
