IDM has a single profile for all our DS object classes, ldap attributes, and base entries. There are entries in the profile that are internal to IDM that should not be changed by the customer, but we also have object classes and ldap attributes that the customer should change and define on their own.
An example of this split is to create one idm-internal profile containing everything except managed entries, and then have another profile called idm-managed that has all the idm sample object classes and ldap attributes fo our default managed objects. The idm-managed profile could then be replaced by customers when they define their own managed objects and schema.
This is just one example, there might be more than just managed as customer customizable data.