Hi,
Just passing by to let you know a quick way to bypass this validation:
Once you class is mapped to all of the LDAP classes (structural or no) edit the metadata and just switch the values defined in the class mapping portion of it, i.e., making any additional structural class be considered like an auxiliary one.
So yes, we are kind of tricking our solution to accept this but:
1. As far as the endpoint is concerned, it couldn't care less. The resulting ldap operation will have all of the object classes (structural or not) being sent as a single package to it.
2. This seems to be a UI validation only (CX and Prov Manager).
And, to be totally honest, I don't see the point for this sort of validation considering that the LDAP itself doesn't care at all...
This solved the problem for us and no impacts were found after some unitary testing.
Let me know if you need more precise directions on the metadata changes.
Regards,
Pedro