The LDAP Provisioner attempts to apply a required objectClass from a LDAP Schema plugin to any object it provisions regardless of whether the object is a CoPerson or a CoGroup object.
This is problematic if the objectClass requires attributes that do not make sense for an object. For example, the qmailUser object class requires the mail attribute, and that may (or may not) make sense for a CoGroup object. If the provisioned CoGroup object does not have the required attribute than provisioning of the CoGroup object fails.
The LDAP Provisioner and LDAP Schema Plugin interface should be evolved so that the LDAP Schema Plugin could indicate that an objectClass should only be applied to a CoPerson or a CoGroup object.