Can I modify the 'top' objectClass in OpenLDAP to incorporate some Active Directory attributes? Existing schemas in '/etc/ldap/slapd.d/cn=config/cn=schema' can be modified using ldapmodify. But I cannot find the 'top' objectClass in any of these. To my knowledge, 'top' is part of the system schema, but can it be modified?
--On Friday, September 25, 2020 12:26 AM +0500 Zahoor Alizai email@example.com wrote:
> Can I modify the 'top' objectClass in openLDAP
No. The top objectClass is very specific and should never be modified.
If you want MS attributes in your server, you should either create your own schema for the MS attributes or use the one in the OpenLDAP git repository for master.
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
http://www.symas.com
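A sketch of the "create your own schema" route from the reply above, added here as an illustration; it is not from the thread or from the OpenLDAP project. The schema name `msattrs`, the class name `exampleMsAccount` and its OID are hypothetical placeholders, and the class is made AUXILIARY so that it can be attached to existing entries while 'top' stays untouched.

```ldif
# Added example: a custom schema entry for cn=config (names marked
# "placeholder" are assumptions, not values from the thread).
# Continuation lines start with two spaces: the first marks the
# continuation, the second is kept as the separator.
dn: cn=msattrs,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: msattrs
# Attribute types keep the names and OIDs Microsoft assigned to them.
olcAttributeTypes: ( 1.2.840.113556.1.4.221
  NAME 'sAMAccountName'
  EQUALITY caseIgnoreMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
  SINGLE-VALUE )
olcAttributeTypes: ( 1.2.840.113556.1.4.656
  NAME 'userPrincipalName'
  EQUALITY caseIgnoreMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
  SINGLE-VALUE )
# Placeholder class name and placeholder OID: replace the OID with one
# under an arc assigned to your organization.
olcObjectClasses: ( 1.1.2.2.1
  NAME 'exampleMsAccount'
  DESC 'Placeholder auxiliary class carrying AD-style attributes'
  SUP top
  AUXILIARY
  MAY ( sAMAccountName $ userPrincipalName ) )
```

An entry like this is loaded with ldapadd against cn=config; the operation should be restricted to the configuration administrator, since write access to cn=config controls the whole server.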
Hi. Thanks for the answer. I want to write my own schema and incorporate all of the MS attributes in my server. I want to keep the names of object classes and attributes in my server the same as they are in AD. For that reason I wanted to modify the "top" object class, because there are certain attributes which are a must in AD's top object class and are not available by default in OpenLDAP's top object class. For example, in OpenLDAP the attribute "objectClass" is a must in top, but in AD's "top" objectClass there is more than one "must" and "may" attribute. Is there any way that I can modify the "top" object class? And yes, this server will only be compatible with AD. I won't be running any other schema on this server.