Markus,
You might review the objectclass definitions for your data. There is no issue with multiple STRUCTURAL objectclasses on the same object as long as they are part of the same hierarchy
e.g.
dn: uid=user,ou=people,dc=example,dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: customizedObjectClassBasedOnInetOrgPerson
.
.
.
There might also be the opportunity to convert some structural classes to auxiliary.
From: openldap-technical <openldap-technical-bounces@openldap.org>
On Behalf Of Markus.Storm@t-systems.com
Sent: Wednesday, January 8, 2020 8:25 AM
To: openldap-technical@openldap.org
Subject: structural objectclass checking
Hi,
is there a way to disable OpenLDAP checking entries for existence of STRUCTURAL objectclasses?
I know it’s illegal per standard to have either no or multiple objectclasses of STRUCTURAL type on an entry.
Unfortunately in the enterprise world it is very common that you have to deal with existing data which is even beyond your control. Our LDAP is full of such ‘bad’ records, making
imports into OpenLDAP fail for 50% of our entries.
I’m trying to present OpenLDAP as an alternative to the commercial LDAP software my company is currently running but I need to come up with a solution to this in order to convince
our managers and engineering.
Competition such as Oracle Unified Dir have an option to selectively disable this type of checking.
Is there a way to do it in OpenLDAP via config? If no, would it be rather easy or hard to add that to the code myself ? I once made a similar patch but it had to be applied in
a single location within the source only.
Thanks
Best regards
Markus