At 03:14 PM 12/7/2006, Quanah Gibson-Mount wrote:
--On Thursday, December 07, 2006 2:27 PM -0800 "Kurt D.
Zeilenga" <Kurt(a)OpenLDAP.org> wrote:
>[moved to devel]
>Well, from a data model perspective, the attributes seems to
>belong to directory system agent, not user applications. Their
>values do change at the whim of the directory system agent.
>Also, if they were user applications attributes, they couldn't
>disallow user modification in their descriptions (modification
>would have to be denied by other means).
>I do note that these attributes really should have usage
>dSAOperation not directoryOperation.
I think one could argue that in this case, slapd is the user application, and this is the
data it is maintaining.
One can argue just about anything...
I also find the marking of them as operational as somewhat misleading.
Hmm.. the attribute are in the DsaIT not the DIT, not in
a naming context (and cannot be instantitate in the DIT),
take values specific to the DSA, have DSA local names,
user changes to them impact DSA behavior (like changes to
the log level), and are generally maintained by the DSA.
I think it would be misleading not to mark them as operational,
and specifically dSAOperation.
For monitoring clients (like all LDAP specific-purpose
clients), they really should just ask for the particular
monitor attributes they support, possibly using the
For browsing by humans (generally an administrator), the human
can just ask for * and +.
Principal Software Developer
ITS/Shared Application Services
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html