
How to modify the schema to allow empty groups on groupOfUniqueNames

Open peracchi opened this issue 2 years ago • 0 comments

I'm "almost there" with my own openldap image!

The problem at the moment is that the LDIF file that I want to import has several empty groups.

Because the member or uniqueMember attributes are MUST instead of MAY, entries using these objectclasses MUST have at least 1 member or uniqueMember value or they will violate the schema. In other words, empty groups are not allowed.

There are 2 simple workarounds:

Option 1. Add a member (or uniqueMember) to the empty group

Option 2. Modify the schema to allow empty groups

I would like to use the second option but could not implement the solution as presented on the link below:

Schema Violation While Updating Optional Group Attributes

The best I got was using the following LDIF:

```
# for groupOfUniqueNames
dn: cn={0}core,cn=schema,cn=config
changetype: modify
replace: olcObjectClasses
olcObjectClasses: ( 2.5.6.17 NAME 'groupOfUniqueNames'
  DESC 'Defines entries for a group of names. Represents a
  list containing an unordered list of names' SUP 'top'
  STRUCTURAL MUST ( cn )
  MAY ( uniqueMember $ businessCategory $ seeAlso $
  owner $ ou $ o $ description ) )
```

With this command:

```
ldapmodify -x -H ldaps://ldap.example.com -D "cn=admin,cn=config" -w <config-pwd> -f change-groupOfUniqueNames.ldif
```

Then I can import empty groups.

But I am doing something wrong because LDAP gets "corrupted".

Trying to view things in phpLDAPadmin gives a pop-up (on Firefox) saying "There was a problem with the request." and the panel on the right keeps that "animation" on "Retrieving DN...".

Any ideas on what I am doing wrong and how to get it right?

peracchi avatar Apr 26 '22 00:04 peracchi
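An added example, not code from the issue author or from the docker-openldap project, showing the safer shape for this kind of cn=config schema change. In LDAP a `replace:` on a multi-valued attribute keeps only the values listed in the modify (RFC 4511), so a `replace: olcObjectClasses` that carries a single definition removes every other object class stored in `cn={0}core`. The script below instead reads a dump of the schema entry, moves `uniqueMember` from `MUST` to `MAY` in the `groupOfUniqueNames` definition only, and emits a `delete:` of that one value followed by an `add:` of the new one. The sample entry, its `{N}` index values and `DESC` strings are constructed for the example; dump the real entry with `ldapsearch` using the same `cn=admin,cn=config` bind as the `ldapmodify` command above. The delete-by-index and add-at-index behaviour for X-ORDERED values is taken from slapd-config(5) and is an assumption to check against the server version in use.

```python
import re

# Constructed sample of part of cn={0}core,cn=schema,cn=config as ldapsearch
# prints it: folded continuation lines and X-ORDERED {N} prefixes. The indexes
# and DESC texts here are invented; use a dump of the real entry.
SAMPLE_ENTRY = """\
dn: cn={0}core,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: {0}core
olcObjectClasses: {7}( 2.5.6.9 NAME 'groupOfNames' DESC 'RFC2256: a group of
  names (DNs)' SUP top STRUCTURAL MUST ( member $ cn ) MAY ( businessCategory
  $ seeAlso $ owner $ ou $ o $ description ) )
olcObjectClasses: {8}( 2.5.6.17 NAME 'groupOfUniqueNames' DESC 'RFC2256: a
  group of unique names (DN and Unique Identifier)' SUP top STRUCTURAL MUST
  ( uniqueMember $ cn ) MAY ( businessCategory $ seeAlso $ owner $ ou $ o $
  description ) )
"""


def parse_ldif_entry(text):
    """Unfold LDIF continuation lines (leading space) into (attribute, value) pairs."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]  # continuation: drop the single leading space and join
        elif raw.strip():
            lines.append(raw)
    pairs = []
    for line in lines:
        attr, _, value = line.partition(":")  # plain "attr: value" form only, no base64
        pairs.append((attr.strip(), value.strip()))
    return pairs


def find_objectclass(pairs, name):
    """Return the olcObjectClasses value whose NAME is `name` (single-name form)."""
    pat = re.compile(r"NAME\s+'%s'" % re.escape(name))
    for attr, value in pairs:
        if attr == "olcObjectClasses" and pat.search(value):
            return value
    raise KeyError("no object class named %s" % name)


def split_index(value):
    """Separate slapd's X-ORDERED {N} prefix from the definition itself."""
    m = re.match(r"(\{\d+\})(.*)", value, re.S)
    return (m.group(1), m.group(2)) if m else ("", value)


def _attr_list(definition, keyword):
    """Match `KEYWORD ( a $ b )` or `KEYWORD a`; return (match, [names])."""
    m = re.search(r"\b%s\s+(?:\(\s*([^)]*?)\s*\)|([A-Za-z][\w-]*))" % keyword, definition)
    if not m:
        return None, []
    raw = m.group(1).split("$") if m.group(1) is not None else [m.group(2)]
    return m, [n.strip() for n in raw]


def _render(keyword, names):
    return "%s ( %s )" % (keyword, " $ ".join(names))


def relax_must(definition, attr):
    """Move `attr` from the MUST list to the MAY list of one object class definition."""
    must_m, must = _attr_list(definition, "MUST")
    if attr not in must:
        raise ValueError("%s is not a MUST attribute here" % attr)
    may_m, may = _attr_list(definition, "MAY")
    must.remove(attr)
    may.insert(0, attr)
    new = definition
    # Edit the MAY clause first: it follows MUST, so the MUST offsets stay valid.
    if may_m:
        new = new[:may_m.start()] + _render("MAY", may) + new[may_m.end():]
    else:  # no MAY clause yet: insert one right after MUST
        new = new[:must_m.end()] + " " + _render("MAY", may) + new[must_m.end():]
    if must:
        new = new[:must_m.start()] + _render("MUST", must) + new[must_m.end():]
    else:  # nothing mandatory left: drop the MUST clause entirely
        new = new[:must_m.start()] + new[must_m.end():].lstrip()
    return new


def build_modify_ldif(dn, old_value, new_body):
    """Swap one olcObjectClasses value with delete+add instead of a blanket replace.

    `replace:` with a single value discards every other value of the attribute,
    i.e. every other object class in this schema entry. Per slapd-config(5) an
    X-ORDERED value can be deleted by its {N} index alone, and a value added
    with a {N} prefix is inserted at that position, so the definition keeps
    its place in the ordering.
    """
    prefix, _ = split_index(old_value)
    return "\n".join([
        "dn: " + dn,
        "changetype: modify",
        "delete: olcObjectClasses",
        "olcObjectClasses: " + (prefix or old_value),
        "-",
        "add: olcObjectClasses",
        "olcObjectClasses: " + prefix + new_body,
        "-",
        "",
    ])


def allow_empty_groups_ldif(entry_text, objectclass="groupOfUniqueNames", attr="uniqueMember"):
    """End-to-end: from a dump of the schema entry to the LDIF to feed ldapmodify."""
    pairs = parse_ldif_entry(entry_text)
    dn = dict(pairs)["dn"]
    old_value = find_objectclass(pairs, objectclass)
    _, body = split_index(old_value)
    return build_modify_ldif(dn, old_value, relax_must(body, attr))


if __name__ == "__main__":
    print(allow_empty_groups_ldif(SAMPLE_ENTRY), end="")
```

Feed the printed LDIF to `ldapmodify` with the same `-H`, `-D` and `-w` arguments as in the issue; `ldapmodify` accepts the long unfolded lines. Keep the `olcObjectClasses` value of `groupOfNames` untouched unless `member` should become optional too, in which case the same function applies with `objectclass="groupOfNames", attr="member"`.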