The <ldap-server> tag (see http://static.springframework.org/spring-security/site/reference/html/ldap.html#d4e1399) allows starting an embedded Apache DS instance.
The instance has a rudimentary default configuration and that includes a basic schema and has schema checking turned on.
If someone wants to load LDIF data that goes beyond that basic schema, this results in an error.
I suggest adding support for running the Apache DS instance with schema checking disabled. This can be accomplished by removing the SchemaService interceptor from the interceptorConfigurations list (see this post on the Apache Directory users mailing list: http://osdir.com/ml/apache.directory.user/2007-11/msg00011.html).
This behaviour could be regulated by a new attribute of the ldap-server element, named "schemaService" (boolean), defaulting to "true".