Andrew Bartlett wrote:
One of the odd things I've noticed since moving to OpenLDAP managing memberOf is that memberOf is a hidden attribute by default. Is that because it is treated as operational (due to being managed by the module)?
Operational attributes are not returned when using * as attribute list. But they are returned when using +. So use *,+ for fetching all attrs. See also http://www.ietf.org/rfc/rfc3673.txt.
I can un-hide it for Samba (I have code that adds a list of attributes to any query for *), but I just wanted to check there wasn't a more elegant way to do it.
If you're only interested in certain attributes you should not use * anyway since this would return also binary attributes like jpegPhoto and userCertificate which likely are of not much use for Samba, are they?
Ciao, Michael.