A dITConentRules attribute (unlike objectClasses) must not contain a
'SUP'.
The ADSI layer in Windows would download the whole schema, and
validate it. Thanks to the team at Microsoft for very long debugging
session to find this.
Andrew Bartlett
class->lDAPDisplayName,
(const char **)aux_class_list,
NULL,
- class->subClassOf,
+ NULL, /* Must not specify a
+ * SUP (subclass) in
+ * ditContentRules
+ * per MS-ADTS
+ * 3.1.1.3.1.1.1 */
-1, must_attr_list, may_attr_list);
talloc_free(tmp_ctx);
return schema_description;