Michael Ströder wrote:
Hi!
Why is it not allowed to use
NO-USER-MODIFICATION USAGE dSAOperation
in an attribute type declaration?
Because such an operational attribute requires server-side code to actually implement it, and you haven't got any means to provide that code. Custom operational attributes must be defined using code loaded in a module.
For OATH-LDAP I'd like to define a "virtual" attribute (actually to be processed by back-sock listener) without having to write a slapd overlay.
attributetype ( oath-ldap-at:16 NAME 'oathOTPValue'
  DESC 'OATH-LDAP: currently valid OTP value of a token'
  X-ORIGIN 'OATH-LDAP'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
  EQUALITY integerMatch
  SINGLE-VALUE
  NO-USER-MODIFICATION
  USAGE dSAOperation )
But slapd refuses to start:
5a00641b /home/michael/Proj/oath-ldap/oath-ldap.schema: line 241 (attributetype ( oath-ldap-at:16 NAME 'oathOTPValue' DESC 'OATH-LDAP: currently valid OTP value of a token or associated user entry (not directly used)' X-ORIGIN 'OATH-LDAP' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 EQUALITY integerMatch SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation ))
5a00641b /home/michael/Proj/oath-ldap/oath-ldap.schema: line 241 attributetype: "oath-ldap-at:16" is operational
Ciao, Michael.
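
A pre-flight check for schema files, as an added example that is not part of the original messages and not OpenLDAP code: it tokenizes RFC 4512 attribute type descriptions (quoted DESC strings may contain parentheses, as in the log above) and reports definitions with an operational USAGE before slapd is started. The function names, the second sample attribute and its OID are constructed, and treating all three operational USAGE values like dSAOperation is an assumption.

```python
import re

# Tokens of an RFC 4512 description: parentheses, 'quoted strings', bare words.
TOKEN = re.compile(r"\(|\)|'[^']*'|[^\s()']+")
OPERATIONAL = {"directoryOperation", "distributedOperation", "dSAOperation"}

def attribute_types(schema_text):
    """Yield the token list inside each `attributetype ( ... )` definition."""
    tokens = TOKEN.findall(re.sub(r"(?m)^#.*$", "", schema_text))  # drop comments
    i = 0
    while i < len(tokens):
        if tokens[i].lower() != "attributetype" or tokens[i + 1:i + 2] != ["("]:
            i += 1
            continue
        depth, j = 0, i + 1
        while j < len(tokens):          # find the matching close parenthesis
            depth += {"(": 1, ")": -1}.get(tokens[j], 0)
            j += 1
            if depth == 0:
                break
        yield tokens[i + 2:j - 1]
        i = j

def lint(schema_text):
    """Return (oid, reason) for definitions a schema file cannot carry."""
    findings = []
    for body in filter(None, attribute_types(schema_text)):
        usage = "userApplications"      # RFC 4512 default when USAGE is absent
        if "USAGE" in body[:-1]:
            usage = body[body.index("USAGE") + 1]
        if usage in OPERATIONAL:
            findings.append((body[0], f"USAGE {usage} is operational"))
        elif "NO-USER-MODIFICATION" in body:
            findings.append((body[0], "NO-USER-MODIFICATION needs an operational USAGE"))
    return findings

# Constructed input: the definition from the log above plus a made-up user attribute.
SAMPLE = """
attributetype ( oath-ldap-at:16 NAME 'oathOTPValue'
  DESC 'OATH-LDAP: currently valid OTP value of a token or associated user entry (not directly used)'
  X-ORIGIN 'OATH-LDAP' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 EQUALITY integerMatch
  SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation )
attributetype ( 1.1.2.1.1 NAME 'exampleNote' DESC 'constructed (sample)'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
"""

if __name__ == "__main__":
    for oid, reason in lint(SAMPLE):
        print(f"{oid}: {reason}")
```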