Timothy Stonis wrote:
I’ve searched the internet, but can’t find any info, so sorry in advance if this is a
basic question… I’m trying to set up a “standard” DIT in an OpenLDAP 2.6.3 deployment. I
checked out my existing Active Directory deployment and also an old macOS Server
implementation, and they both make heavy use of the “container” structural class. For
example, users are in cn=users,dc=…,dc=… which is objectClass container. I see this class
is defined in the msuser schema, but in 2.6.3 its definition is commented out in the
Can anyone help shed some light on why this is the case
Read the msuser.schema comments more carefully.
# Only the subset of Windows 2012 attributes needed to make the
# user and group objectclasses work has been added to the previously
# retrieved definitions.
It may or may not work for you to uncomment other schema elements. Certainly has not been
tested by us.
and maybe a pointer to what a modern best practices DIT might look
Thanks in advance
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/