PingDirectory

Schema validation considerations

The server only generates composed attributes for entries in which that attribute is allowed to be present.

For user attributes, the target attribute type must be permitted by at least one of the object classes associated with the entry. If an entry does not have any object class that permits the target attribute, then an attempt to generate composed values for the entry fails with an objectClassViolation (65) result. This restriction does not exist for operational attributes.

The server allows composed attributes to satisfy mandatory attribute requirements. If the target attribute is declared as a MUST type for any of the entry’s object classes, then a client should be able to add an entry that does not include values for that attribute type as long as the server composes a value for that attribute.

The server enforces attribute syntax restrictions for composed attributes. If a composed attribute violates the syntax for the associated attribute type, then the operation resulting in that composed attribute value is rejected with an INVALID_ATTRIBUTE_SYNTAX result. This can be overridden on a per-attribute-type basis using thepermit-syntax-violations-for-attribute property in the global configuration.

If this option is used to permit values that violate the associated syntax, then matching operations involving malformed values might not behave in a predictable manner.

The server should also enforce the SINGLE-VALUE constraint for the target attribute type. If an attribute type is defined with this constraint, you cannot configure the composed attribute plugin to generate multiple values for that attribute, and any operation that results in multiple values for the target attribute is rejected.

Composed attributes cannot set values for operational attributes that are defined with the NO-USER-MODIFICATION constraint.