To add to Quanah's right statement:
Generally operational attributes are those attributes that are managed by the server and not by the clients, e.g. modifyTimeStamp etc. Since the server manages memberOf on the fly (based on the client managed member attribute in group objects) it is IMO rightly marked as operational.
Cheers,
Peter
Am 03.09.20 um 17:16 schrieb Quanah Gibson-Mount:
--On Thursday, September 3, 2020 9:26 AM +0200 Ulrich Windl Ulrich.Windl@rz.uni-regensburg.de wrote:
I thought operational attributes are mainly for "internal management purposes". Are there any rules what makes an attribute operational?
Depends on the attribute. Most are defined such via RFC. In the case of memberOf, there is no RFC, so we match how Microsoft has set the attribute, since they originated it. They marked it operational.
Regards, Quanah
--
Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: http://www.symas.com