The server only generates composed attributes for entries in which that attribute is allowed to be present. For user attributes, tist means that the target attribute type must be permitted by at least one of the object classes associated with the entry. If an entry does not have any object class that permits the target attribute, then an attempt to generate composed values for the entry will fail with an objectClassViolation (65) result. This restriction does not exist for operational attributes.

The server allows composed attributes to satisfy mandatory attribute requirements. That is, if the target attribute is declared as a MUST type for any of the entry’s object classes, then it must be possible for a client to add an entry that does not include any values for that attribute type as long as the server will compose a value for that attribute.

The server also enforces attribute syntax restrictions for composed attributes. If a composed attribute would violate the syntax for the associated attribute type, then the operation that would result in that composed attribute value isrejected with an INVALID_ATTRIBUTE_SYNTAX result. This may be overridden on a per-attribute-type basis using the permit-syntax-violations-for-attribute property in the global configuration.
Note: If this option is used to permit values that violate the associated syntax, then matching operations involving malformed values may not behave in a predictable manner,
.

The server should also enforce the SINGLE-VALUE constraint for the target attribute type. If an attribute type is defined with this constraint, it is not possible to configure the composed attribute plugin in a manner that could generate multiple values for that attribute and any operation that would result in multiple values for the target attribute is rejected.

Composed attributescannot set values for operational attributes that are defined with the NO-USER-MODIFICATION constraint.