Timothy Stonis wrote: > Hi All, > > I’ve searched the internet, but can’t find any info, so sorry in advance if > this is a basic question… I’m trying to setup a “standard” DIT in an OpenLDAP > 2.6.3 deployment. I checked out my existing Active Directory deployment and > also an old macOS Server implementation, and they both make heavy use of the > “container” structural class. For example, users are in cn=users,dc=…,dc=… > which is objectClass container. I see this class is defined in the msuser > schema, but in 2.6.3 it’s definition is commented out in the msuser.schema > file. > > Can anyone help shed some light on why this is the case
Read the msuser.schema comments more carefully. # Only the subset of Windows 2012 attributes needed to make the # user and group objectclasses work has been added to the previously # retrieved definitions. It may or may not work for you to uncomment other schema elements. Certainly has not been tested by us. > and maybe a pointer to what a modern best practices DIT might look like? > > Thanks in advance > > Tim > -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/
