I am setting up a new OpenLDAP server running Alma 8 to replace the function of an existing OpenLDAP server running CentOS 7.
On the original server, there are group entries with the following objectClasses
On the new server, I create groups using Python's ldap3 module, whereby I can specify the objectClasses but not the kind, e.g. structural or auxiliary. The groups that are are created have the following objectClasses:
Is this due to a shortcoming in the way I am creating the groups or have I configured the servers differently? I checked the schema files, but they seem to be identical.
This is not a per-entry attribute – it is defined globally for the objectClass, which is done through the schema. (In fact, your output looks like Apache Directory Studio, and the only way DirStudio learns which classes are structural and which are auxiliary is by 'manually' loading the schema from the server.)
So the reason for the difference is that your new server is using the "original" RFC 2307 schema (aka nis.schema) where posixGroup is defined as structural, while the older server uses the revised draft-howard-rfc2307bis schema (aka rfc2307bis.schema) where the same objectClass is defined as auxiliary.
The schema files might be identical, but you won't have all of them loaded, so the question is whether their load order is the same.
(But you probably shouldn't replace the LDAP server like this in the first place; you should dump and load the existing data using slapcat-slapadd, or even configure the new server to replicate from the old one using OpenLDAP's "syncrepl" – much like adding a new AD domain controller is done by replicating the existing domain, not by re-creating it from scratch.)