I would add that if you are wanting your DIT to comply with actual LDAP 
standards then you wouldn’t be using that objectClass since it is an 
MS-specific item and not part of an RFC. 

> On Jan 25, 2023, at 5:22 PM, Howard Chu <[email protected]> wrote:
> 
> Timothy Stonis wrote:
>> Hi All,
>> 
>>  I’ve searched the internet, but can’t find any info, so sorry in advance if 
>> this is a basic question… I’m trying to set up a “standard” DIT in an 
>> OpenLDAP 2.6.3 deployment. I checked out my existing Active Directory 
>> deployment and also an old macOS Server implementation, and they both make 
>> heavy use of the “container” structural class. For example, users are in 
>> cn=users,dc=…,dc=… which is objectClass container. I see this class is 
>> defined in the msuser schema, but in 2.6.3 its definition is commented out 
>> in the msuser.schema file. 
>> 
>>  Can anyone help shed some light on why this is the case
> 
> Read the msuser.schema comments more carefully.
> 
> # Only the subset of Windows 2012 attributes needed to make the
> # user and group objectclasses work has been added to the previously
> # retrieved definitions.
> 
> It may or may not work for you to uncomment other schema elements. Certainly 
> has not been tested by us.
> 
>> and maybe a pointer to what a modern best practices DIT might look like?
>> 
>>  Thanks in advance
>> 
>> Tim
>> 
> 
> 
> -- 
>  -- Howard Chu
>  CTO, Symas Corp.           http://www.symas.com
>  Director, Highland Sun     http://highlandsun.com/hyc/
>  Chief Architect, OpenLDAP  http://www.openldap.org/project/
