On Dec 27, 2008, at 2:46 AM, ando@sys-net.it wrote:

empty or "*" ; all user, except attrs that need to be explicitly req. "+" ; all operational

<all including attrs that need to be explicitly requested> <...>

I note that the specification of '+' does allow a server not to provide all operational attributes. That is, a server is allowed to only return some operational attributes when requested by name.

This is not so with '*' (or empty list). However, that said, I see no particular issue with a server choosing to return a particular user applications attribute only when requested by name. I see this simply as an administrative restriction... and those are always allowed.

(I also note that use of '*' (or empty list) and '+' should generally be limited to requests formed by a human. It is bad (but all to common) practice for application-specific directory clients to ask for everything. They should really only ask for what they are prepared to make use of.

-- Kurt