Operational attributes are attributes that are used internally by the server. They generally can't be modified by a user, although one can read them.
In order to retrieve an operational attribute, you have to require it explicitely, or request all of them using the special attribute ‘+’.
RFC 4512 defines four different flavors of AttributeType :
ApacheDS support a list of standard LDAP operational attributes, plus a few that are specific. Here are the supported operational attributes.
Those operational attributes are stored in the RootDSE, and global to the server. They can't be modified by a user.
Attribute name | Type | Category | Description |
---|---|---|---|
vendorName | DSA OPERATION | Standard | RFC3045: name of implementation vendor |
vendorVersion | DSA OPERATION | Standard | RFC3045: version of implementation |
entryTtl | DSA OPERATION | Standard | RFC2589: entry time-to-live |
dynamicSubtrees | DSA OPERATION | Standard | RFC2589: dynamic subtrees |
supportedFeatures | DSA OPERATION | Standard | RFC3674: features supported by the server |
supportedControl | DSA OPERATION | Standard | RFC2252: supported controls |
supportedSASLMechanisms | DSA OPERATION | Standard | RFC2252: supported SASL mechanisms |
supportedLDAPVersion | DSA OPERATION | Standard | RFC2252: supported LDAP versions |
namingContexts | DSA OPERATION | Standard | RFC2252: naming contexts |
altServer | DSA OPERATION | Standard | RFC2252: alternative servers |
supportedExtension | DSA OPERATION | Standard | RFC2252: supported extended operations |
Those are attributes related to an entry, carrying some additional information about it
Attribute name | Type | Category | Description |
---|---|---|---|
createTimestamp | DIRECTORY OPERATION | Standard | RFC2252: time which object was created |
modifyTimestamp | DIRECTORY OPERATION | Standard | RFC2252: time which object was last modified |
creatorsName | DIRECTORY OPERATION | Standard | RFC2252: name of creator |
modifiersName | DIRECTORY OPERATION | Standard | RFC2252: name of last modifier |
hasSubordinates | DIRECTORY OPERATION | Standard | X.501: entry has children |
ref | DISTRIBUTED OPERATION | Standard | RFC3296: named reference - a labeledURI |
entryUUID | DIRECTORY OPERATION | ApacheDS | UUID of the entry |
entryDN | DIRECTORY OPERATION | ApacheDS | DN of the entry |
entryCSN | DIRECTORY OPERATION | ApacheDS | Change sequence number of the entry |
nbChildren | DIRECTORY OPERATION | ApacheDS | The number of children for this entry |
nbSubordinates | DIRECTORY OPERATION | ApacheDS | The number of subordinates for this entry |
entryParentId | DIRECTORY OPERATION | ApacheDS | Attribute holding the id of parent entry |
Those operational attributes are containing the schema elements handled by the server. They are stored in the RootDSE
Attribute name | Type | Category | Description |
---|---|---|---|
ldapSyntaxes | DIRECTORY OPERATION | Standard | RFC2252: LDAP syntaxes |
subschemaSubentry | DIRECTORY OPERATION | Standard | RFC2252: name of controlling subschema entry |
dITStructureRules | DIRECTORY OPERATION | Standard | RFC2252: DIT structure rules |
dITContentRules | DIRECTORY OPERATION | Standard | RFC2252: DIT content rules |
matchingRules | DIRECTORY OPERATION | Standard | RFC2252: matching rules |
attributeTypes | DIRECTORY OPERATION | Standard | RFC2252: attribute types |
objectClasses | DIRECTORY OPERATION | Standard | RFC2252: object classes |
nameForms | DIRECTORY OPERATION | Standard | RFC2252: Name Forms |
matchingRuleUse | DIRECTORY OPERATION | Standard | RFC2252: matching rule uses |
structuralObjectClass | DIRECTORY OPERATION | Standard | X.500(93): structural object class of entry |
comparators | DIRECTORY OPERATION | ApacheDS | A multivalued comparator description attribute |
normalizers | DIRECTORY OPERATION | ApacheDS | A multivalued normalizer description attribute |
syntaxCheckers | DIRECTORY OPERATION | ApacheDS | A multivalued syntaxCheckers description attribute |
schemaModifyTimestamp | DIRECTORY OPERATION | ApacheDS | Time which schema was modified |
schemaModifiersName | DIRECTORY OPERATION | ApacheDS | The DN of the modifier of the schema |
Those are attributes related to collective attributes.
Attribute name | Type | Category | Description |
---|---|---|---|
collectiveAttributeSubentries | DIRECTORY OPERATION | Standard | RFC3671: identifies all collective attribute subentries that affect the entry |
collectiveExclusions | DIRECTORY OPERATION | Standard | RFC3671: RFC3671: allows particular collective attributes to be excluded from an entry |
Those are attributes related to the Administrative Model management
Attribute name | Type | Category | Description |
---|---|---|---|
administrativeRole | DIRECTORY OPERATION | Standard | RFC3672: indicate that the associated administrative area is concerned withone or more administrative roles |
subtreeSpecification | DIRECTORY OPERATION | Standard | RFC3672: defines a collection of entries within an administrative area |
prescriptiveACI | DIRECTORY OPERATION | ApacheDS | Access control information that applies to a set of entries |
entryACI | DIRECTORY OPERATION | ApacheDS | Access control information that applies to a single entry |
subentryACI | DIRECTORY OPERATION | ApacheDS | Access control information that applies to a single subentry |
autonomousAreaSubentry | DIRECTORY OPERATION | ApacheDS | Used to track a subentry associated with an autonomousArea |
accessControlSubentries | DIRECTORY OPERATION | ApacheDS | Used to track a subentry associated with access control areas |
Those attributes are used in a replication context.
Attribute name | Type | Category | Description |
---|---|---|---|
contextCSN | DIRECTORY OPERATION | ApacheDS | The largest committed CSN of a context |
entryDeleted | DIRECTORY OPERATION | ApacheDS | Whether or not an entry has been deleted. (Not anymore used) |
Those operational attributes are used to define the various system predefined indexes
Attribute name | Type | Category | Description |
---|---|---|---|
apachePresence | DSA OPERATION | ApacheDS | Index attribute used to track the existence of attributes |
apacheOneLevel | DSA OPERATION | ApacheDS | Index attribute used to track one level searches |
apacheOneAlias | DSA OPERATION | ApacheDS | Index attribute used to track single level aliases |
apacheSubAlias | DSA OPERATION | ApacheDS | Index attribute used to track sub level aliases |
apacheAlias | DSA OPERATION | ApacheDS | Index attribute used to track aliases |
apacheSubLevel | DSA OPERATION | ApacheDS | Index attribute used to track sub level searches |
apacheRdn | DSA OPERATION | ApacheDS | Index attribute RDN with values both user provided and normalized based on schema |
Those are attributes used in the Trigger Interceptor
Attribute name | Type | Category | Description |
---|---|---|---|
prescriptiveTriggerSpecification | DIRECTORY OPERATION | ApacheDS | Trigger specification that applies to a set of entries |
entryTriggerSpecification | DIRECTORY OPERATION | ApacheDS | Trigger specification that applies to a single entry |
triggerExecutionSubentries | DIRECTORY OPERATION | ApacheDS | Used to track subentries associated with a trigger area which an entry falls under |
Those operational attributes are meant to be used by teh ChangeLog interceptor. They are not supposed to be distributed, and they can't be modified by a user.
Attribute name | Type | Category | Description |
---|---|---|---|
revisions | DSA OPERATION | ApacheDS | Revision numbers used in change log |
changeTime | DSA OPERATION | ApacheDS | Represents the time when the change event occurred |
changeType | DSA OPERATION | ApacheDS | Type of change operation |
eventId | DSA OPERATION | ApacheDS | The unique sequential id for the event (a.k.a revision number) |
committer | DSA OPERATION | ApacheDS | The principal committing the change |
changeLogContext | DSA OPERATION | ApacheDS | Tells about the changelog context suffix |