Peter Gietz peter.gietz@daasi.de schrieb am 09.09.2020 um 17:45 in
Nachricht 936a57a3-58ec-9ccd-105d-8e1e2b2749c9@daasi.de:
To add to Quanah's right statement:
Generally operational attributes are those attributes that are managed by the server and not by the clients, e.g. modifyTimeStamp etc. Since the server manages memberOf on the fly (based on the client managed member attribute in group objects) it is IMO rightly marked as operational.
Hi!
That is one aspect; the other aspect is "who _uses_ the attribute?". Typically clients don't care about modifyTimeStamp (maybe even they are not allowed to read it), but obviously memberOf is something the client cares about, because it'S essential information.
Regards, Ulrich
Cheers,
Peter
Am 03.09.20 um 17:16 schrieb Quanah Gibson-Mount:
--On Thursday, September 3, 2020 9:26 AM +0200 Ulrich Windl Ulrich.Windl@rz.uni-regensburg.de wrote:
I thought operational attributes are mainly for "internal management purposes". Are there any rules what makes an attribute operational?
Depends on the attribute. Most are defined such via RFC. In the case of memberOf, there is no RFC, so we match how Microsoft has set the attribute, since they originated it. They marked it operational.
Regards, Quanah
--
Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: http://www.symas.com
--
Peter Gietz, CEO
DAASI International GmbH Europaplatz 3 D-72072 Tübingen Germany
phone: +49 7071 407109-0 fax: +49 7071 407109-9 email: peter.gietz@daasi.de web: www.daasi.de
Sitz der Gesellschaft: Tübingen Registergericht: Amtsgericht Stuttgart, HRB 382175 Geschäftsleitung: Peter Gietz