https://bugs.openldap.org/show_bug.cgi?id=9621
--- Comment #4 from Howard Chu hyc@openldap.org --- (In reply to Michael Ströder from comment #3)
(In reply to Howard Chu from comment #2)
Note that it's a violation of the data model for a multivalued attribute to be missing an EQUALITY matching rule.
Why is that a violation of the data model?
For example I definitely expect it's possible to store multiple values in attribute 'userPKCS12' without any issues via MOD_REPLACE affecting the whole attribute value set.
I don't expect that I can add/remove distinct attribute values though.
The server is required to prevent the storage of duplicate values. That's inherent to the definition of a SET, and attributes are sets of values. A server is unable to fulfill this requirement without an EQUALITY matching rule.