Operational attributes are attributes that are used internally by the server. They generally can't be modified by a user, although one can read them.
In order to retrieve an operational attribute, you have to require it explicitely, or request all of them using the special attribute ‘+’.
RFC 4512 defines four different flavors of AttributeType :
ApacheDS support a list of standard LDAP operational attributes, plus a few that are specific. Here are the supported operational attributes.
Those operational attributes are stored in the RootDSE, and global to the server. They can't be modified by a user.
| Attribute name | Type | Category | Description |
|---|---|---|---|
| vendorName | DSA OPERATION | Standard | RFC3045: name of implementation vendor |
| vendorVersion | DSA OPERATION | Standard | RFC3045: version of implementation |
| entryTtl | DSA OPERATION | Standard | RFC2589: entry time-to-live |
| dynamicSubtrees | DSA OPERATION | Standard | RFC2589: dynamic subtrees |
| supportedFeatures | DSA OPERATION | Standard | RFC3674: features supported by the server |
| supportedControl | DSA OPERATION | Standard | RFC2252: supported controls |
| supportedSASLMechanisms | DSA OPERATION | Standard | RFC2252: supported SASL mechanisms |
| supportedLDAPVersion | DSA OPERATION | Standard | RFC2252: supported LDAP versions |
| namingContexts | DSA OPERATION | Standard | RFC2252: naming contexts |
| altServer | DSA OPERATION | Standard | RFC2252: alternative servers |
| supportedExtension | DSA OPERATION | Standard | RFC2252: supported extended operations |
Those are attributes related to an entry, carrying some additional information about it
| Attribute name | Type | Category | Description |
|---|---|---|---|
| createTimestamp | DIRECTORY OPERATION | Standard | RFC2252: time which object was created |
| modifyTimestamp | DIRECTORY OPERATION | Standard | RFC2252: time which object was last modified |
| creatorsName | DIRECTORY OPERATION | Standard | RFC2252: name of creator |
| modifiersName | DIRECTORY OPERATION | Standard | RFC2252: name of last modifier |
| hasSubordinates | DIRECTORY OPERATION | Standard | X.501: entry has children |
| ref | DISTRIBUTED OPERATION | Standard | RFC3296: named reference - a labeledURI |
| entryUUID | DIRECTORY OPERATION | ApacheDS | UUID of the entry |
| entryDN | DIRECTORY OPERATION | ApacheDS | DN of the entry |
| entryCSN | DIRECTORY OPERATION | ApacheDS | Change sequence number of the entry |
| nbChildren | DIRECTORY OPERATION | ApacheDS | The number of children for this entry |
| nbSubordinates | DIRECTORY OPERATION | ApacheDS | The number of subordinates for this entry |
| entryParentId | DIRECTORY OPERATION | ApacheDS | Attribute holding the id of parent entry |
Those operational attributes are containing the schema elements handled by the server. They are stored in the RootDSE
| Attribute name | Type | Category | Description |
|---|---|---|---|
| ldapSyntaxes | DIRECTORY OPERATION | Standard | RFC2252: LDAP syntaxes |
| subschemaSubentry | DIRECTORY OPERATION | Standard | RFC2252: name of controlling subschema entry |
| dITStructureRules | DIRECTORY OPERATION | Standard | RFC2252: DIT structure rules |
| dITContentRules | DIRECTORY OPERATION | Standard | RFC2252: DIT content rules |
| matchingRules | DIRECTORY OPERATION | Standard | RFC2252: matching rules |
| attributeTypes | DIRECTORY OPERATION | Standard | RFC2252: attribute types |
| objectClasses | DIRECTORY OPERATION | Standard | RFC2252: object classes |
| nameForms | DIRECTORY OPERATION | Standard | RFC2252: Name Forms |
| matchingRuleUse | DIRECTORY OPERATION | Standard | RFC2252: matching rule uses |
| structuralObjectClass | DIRECTORY OPERATION | Standard | X.500(93): structural object class of entry |
| comparators | DIRECTORY OPERATION | ApacheDS | A multivalued comparator description attribute |
| normalizers | DIRECTORY OPERATION | ApacheDS | A multivalued normalizer description attribute |
| syntaxCheckers | DIRECTORY OPERATION | ApacheDS | A multivalued syntaxCheckers description attribute |
| schemaModifyTimestamp | DIRECTORY OPERATION | ApacheDS | Time which schema was modified |
| schemaModifiersName | DIRECTORY OPERATION | ApacheDS | The DN of the modifier of the schema |
Those are attributes related to collective attributes.
| Attribute name | Type | Category | Description |
|---|---|---|---|
| collectiveAttributeSubentries | DIRECTORY OPERATION | Standard | RFC3671: identifies all collective attribute subentries that affect the entry |
| collectiveExclusions | DIRECTORY OPERATION | Standard | RFC3671: RFC3671: allows particular collective attributes to be excluded from an entry |
Those are attributes related to the Administrative Model management
| Attribute name | Type | Category | Description |
|---|---|---|---|
| administrativeRole | DIRECTORY OPERATION | Standard | RFC3672: indicate that the associated administrative area is concerned withone or more administrative roles |
| subtreeSpecification | DIRECTORY OPERATION | Standard | RFC3672: defines a collection of entries within an administrative area |
| prescriptiveACI | DIRECTORY OPERATION | ApacheDS | Access control information that applies to a set of entries |
| entryACI | DIRECTORY OPERATION | ApacheDS | Access control information that applies to a single entry |
| subentryACI | DIRECTORY OPERATION | ApacheDS | Access control information that applies to a single subentry |
| autonomousAreaSubentry | DIRECTORY OPERATION | ApacheDS | Used to track a subentry associated with an autonomousArea |
| accessControlSubentries | DIRECTORY OPERATION | ApacheDS | Used to track a subentry associated with access control areas |
Those attributes are used in a replication context.
| Attribute name | Type | Category | Description |
|---|---|---|---|
| contextCSN | DIRECTORY OPERATION | ApacheDS | The largest committed CSN of a context |
| entryDeleted | DIRECTORY OPERATION | ApacheDS | Whether or not an entry has been deleted. (Not anymore used) |
Those operational attributes are used to define the various system predefined indexes
| Attribute name | Type | Category | Description |
|---|---|---|---|
| apachePresence | DSA OPERATION | ApacheDS | Index attribute used to track the existence of attributes |
| apacheOneLevel | DSA OPERATION | ApacheDS | Index attribute used to track one level searches |
| apacheOneAlias | DSA OPERATION | ApacheDS | Index attribute used to track single level aliases |
| apacheSubAlias | DSA OPERATION | ApacheDS | Index attribute used to track sub level aliases |
| apacheAlias | DSA OPERATION | ApacheDS | Index attribute used to track aliases |
| apacheSubLevel | DSA OPERATION | ApacheDS | Index attribute used to track sub level searches |
| apacheRdn | DSA OPERATION | ApacheDS | Index attribute RDN with values both user provided and normalized based on schema |
Those are attributes used in the Trigger Interceptor
| Attribute name | Type | Category | Description |
|---|---|---|---|
| prescriptiveTriggerSpecification | DIRECTORY OPERATION | ApacheDS | Trigger specification that applies to a set of entries |
| entryTriggerSpecification | DIRECTORY OPERATION | ApacheDS | Trigger specification that applies to a single entry |
| triggerExecutionSubentries | DIRECTORY OPERATION | ApacheDS | Used to track subentries associated with a trigger area which an entry falls under |
Those operational attributes are meant to be used by teh ChangeLog interceptor. They are not supposed to be distributed, and they can't be modified by a user.
| Attribute name | Type | Category | Description |
|---|---|---|---|
| revisions | DSA OPERATION | ApacheDS | Revision numbers used in change log |
| changeTime | DSA OPERATION | ApacheDS | Represents the time when the change event occurred |
| changeType | DSA OPERATION | ApacheDS | Type of change operation |
| eventId | DSA OPERATION | ApacheDS | The unique sequential id for the event (a.k.a revision number) |
| committer | DSA OPERATION | ApacheDS | The principal committing the change |
| changeLogContext | DSA OPERATION | ApacheDS | Tells about the changelog context suffix |