Quanah Gibson-Mount wrote:
--On Thursday, December 07, 2006 2:27 PM -0800 "Kurt D. Zeilenga" Kurt@OpenLDAP.org wrote:
[moved to devel]
Well, from a data model perspective, the attributes seems to belong to directory system agent, not user applications. Their values do change at the whim of the directory system agent. Also, if they were user applications attributes, they couldn't disallow user modification in their descriptions (modification would have to be denied by other means).
I do note that these attributes really should have usage dSAOperation not directoryOperation.
I think one could argue that in this case, slapd is the user application, and this is the data it is maintaining. I also find the marking of them as operational as somewhat misleading.
When generating schema-based input forms in web2ldap I'm treating operational attributes like not editable (except if relax rules control is in effect). I'd like to keep it that way.
=> +1 for defining monitored attributes as operational
web2ldap also obeys NO-USER-MODIFICATION off course...
Ciao, Michael.