Timothy Stonis wrote:
Hi All,
I’ve searched the internet, but can’t find any info, so sorry in advance if this is a basic question… I’m trying to setup a “standard” DIT in an OpenLDAP 2.6.3 deployment. I checked out my existing Active Directory deployment and also an old macOS Server implementation, and they both make heavy use of the “container” structural class. For example, users are in cn=users,dc=…,dc=… which is objectClass container. I see this class is defined in the msuser schema, but in 2.6.3 it’s definition is commented out in the msuser.schema file.
Can anyone help shed some light on why this is the case
Read the msuser.schema comments more carefully.
# Only the subset of Windows 2012 attributes needed to make the # user and group objectclasses work has been added to the previously # retrieved definitions.
It may or may not work for you to uncomment other schema elements. Certainly has not been tested by us.
and maybe a pointer to what a modern best practices DIT might look like?
Thanks in advance
Tim