With a rest2ldap config like so:
When I create a managed/user, the record in DJ is created with all of the specified objectClasses. However, if there is an existing record in DJ which does not have all of the specified objectClasses already associated with it, if I update that record to include an attribute which is defined in one of those absent objectClass entries then the request will fail.
The error from rest2ldap includes a message like: "Object Class Violation: Entry uid=bjensen,ou=People,dc=example,dc=com cannot be modified because the resulting entry would have violated the server schema: Entry uid=bjensen,ou=People,dc=example,dc=com violates the Directory Server schema configuration because it includes attribute fr-idm-accountStatus which is not allowed by any of the objectclasses defined in that entry".
This makes it very difficult to use rest2ldap with existing data stores; ideally the specified object classes would be added to the record as needed (for example, this error could be captured and the specified objectclasses could be added to the user before retrying).
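The fix suggested above, sketched from the client side as an added example (not part of the original report and not rest2ldap code): it works out which configured object classes an existing entry lacks and builds a single LDIF modify that adds them together with the attribute, so the schema check sees the completed entry. The configured class list, the class name `example-managed-user` and the value `active` are hypothetical placeholders, and values are assumed to be plain ASCII that needs no base64 encoding.

```python
# Added example. The object class names below are hypothetical placeholders for
# whatever the rest2ldap mapping lists; "example-managed-user" stands in for the
# class that permits fr-idm-accountStatus.
CONFIGURED_CLASSES = ["top", "person", "inetOrgPerson", "example-managed-user"]


def missing_object_classes(entry_classes, configured=CONFIGURED_CLASSES):
    """Return configured objectClass values the entry lacks.

    LDAP object class names compare case-insensitively, so normalise first.
    """
    present = {c.lower() for c in entry_classes}
    return [c for c in configured if c.lower() not in present]


def build_modify_ldif(dn, entry_classes, attr, value, configured=CONFIGURED_CLASSES):
    """Build one LDIF modify record that adds missing classes and sets attr.

    An LDAP modify is applied atomically and the schema is checked against the
    resulting entry, so both changes can travel in the same operation.
    """
    lines = [f"dn: {dn}", "changetype: modify"]
    missing = missing_object_classes(entry_classes, configured)
    if missing:
        lines.append("add: objectClass")
        lines += [f"objectClass: {c}" for c in missing]
        lines.append("-")
    lines += [f"replace: {attr}", f"{attr}: {value}", "-"]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Constructed sample: a pre-existing entry without the extra class.
    existing = ["top", "Person", "inetOrgPerson"]
    print(build_modify_ldif(
        "uid=bjensen,ou=People,dc=example,dc=com",
        existing, "fr-idm-accountStatus", "active"))
```
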