diff --git a/group_vars/all/11_iam.yml b/group_vars/all/11_iam.yml
index 90d659ed..b67132c9 100644
--- a/group_vars/all/11_iam.yml
+++ b/group_vars/all/11_iam.yml
@@ -65,4 +65,8 @@ ldap:
 uri: "{% if applications.ldap.network.local | bool %}ldap://{{ applications.ldap.hostname }}{% else %}ldaps://{{ domains.ldap }}{% endif %}:{{ _ldap_server_port }}"
 network:
 local: "{{applications.ldap.network.local}}" # Uses the application configuration to define if local network should be available or not
-
\ No newline at end of file
+ user_objects:
+ - person # Basic person attributes (sn, cn …) – RFC 4519
+ - inetOrgPerson # Extended Internet / intranet person – RFC 2798
+ - posixAccount # POSIX/UNIX login attributes (uidNumber, gidNumber …) – RFC 2307
+ - nextcloudUser # Nextcloud-specific auxiliary attributes (nextcloudQuota, nextcloudEnabled) – Nextcloud schema
diff --git a/roles/docker-keycloak/templates/import/realm.json.j2 b/roles/docker-keycloak/templates/import/realm.json.j2
index e7fa0b7b..f0adae62 100644
--- a/roles/docker-keycloak/templates/import/realm.json.j2
+++ b/roles/docker-keycloak/templates/import/realm.json.j2
@@ -2070,7 +2070,7 @@
 "false"
 ],
 "userObjectClasses": [
- "person, inetOrgPerson, nextcloudUser"
+ "{{ ldap.user_objects | join(', ') }}"
 ],
 "rdnLDAPAttribute": [
 "{{ldap.attributes.user_id}}"
diff --git a/roles/docker-ldap/templates/ldif/data/02_users.ldif.j2 b/roles/docker-ldap/templates/ldif/data/02_users.ldif.j2
index 86b5c7b5..5564e9f2 100644
--- a/roles/docker-ldap/templates/ldif/data/02_users.ldif.j2
+++ b/roles/docker-ldap/templates/ldif/data/02_users.ldif.j2
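Review bot: The list added here becomes Keycloak's `userObjectClasses`, which before this commit read `person, inetOrgPerson, nextcloudUser`; adding `posixAccount` to it changes Keycloak's user lookup, which to my knowledge ANDs every listed class, so directory entries without posixAccount become invisible to Keycloak, and a writable federation would also have to supply the posixAccount MUST attributes (`uidNumber`, `gidNumber`, `homeDirectory`) when it creates users — the federation edit mode is not visible here, so confirm both effects are intended. The coupling deserves a comment above the key, e.g. `# Single source for Keycloak's userObjectClasses (realm.json.j2) and the objectClass lines in 02_users.ldif.j2 – every class listed must exist in the loaded LDAP schema`. Style: yamllint expects two spaces before an inline `#`, as in `- person  # Basic person attributes (sn, cn …) – RFC 4519`.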
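Review bot: The joined value on the changed line is interpolated into a JSON string literal without JSON escaping, so any future `ldap.user_objects` entry containing `"` or `\` would corrupt the realm import; the values are project-controlled today, but `{{ ldap.user_objects | join(', ') | to_json }}` in place of the hand-quoted `"{{ … }}"` keeps the document valid regardless of content. The new expression also spaces its braces (`{{ ldap.user_objects … }}`) while the neighbouring `{{ldap.attributes.user_id}}` does not; either form renders, but the file should settle on one.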
@@ -16,9 +16,9 @@ description: Container for application access profiles
 # Create User {{ username }}
 #######################################################################
 dn: {{ ldap.attributes.user_id }}={{ username }},{{ ldap.dn.users }}
-objectClass: top
-objectClass: inetOrgPerson
-objectClass: posixAccount
+{% for cls in ldap.user_objects %}
+objectClass: {{ cls }}
+{% endfor %}
 {{ ldap.attributes.user_id }}: {{ username }}
 sn: {{ username }}
 cn: {{ username }}
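Review bot: `objectClass: top` disappears from every user entry, because the loop only emits the classes in `ldap.user_objects` (person, inetOrgPerson, posixAccount, nextcloudUser per the first hunk) and `top` is not among them; whether the directory tolerates that depends on the server, so an explicit `objectClass: top` line kept before `{% for cls in ldap.user_objects %}` preserves the previous entries without touching the shared list. The loop tags also rely on the renderer's `trim_blocks` to swallow their trailing newlines — Ansible's template module enables this by default, but under a renderer that does not, each tag line becomes a blank line, which in LDIF terminates the record right after `dn:`. `person` and `nextcloudUser` are now added to entries that previously lacked them, so the nextcloud schema must be loaded before this LDIF is applied; the entry continues past the hunk, so its remaining MUST attributes cannot be checked here.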