|
| |
| Sun Java(TM) System Directory Server 5.2 2005Q1 Administration Reference | |
Chapter 11
Operational AttributesThis chapter describes the operational attributes used by Directory Server. Operational attributes may be available for use on every entry in the directory, regardless of whether they are defined for the object class of the entry. Operational attributes are returned in an ldapsearch operation only if they are specifically requested.
accountUnlockTimeDefinition
Indicates the exact time after which a user can attempt to bind to the directory (after an account lockout). This attribute is used only when the password policy is enabled.
This attribute is defined in Sun Java System Directory Server.
Syntax
GeneralizedTime, single-valued.
OID
2.16.840.1.113730.3.1.95
aciDefinition
Used by Directory Server to evaluate what rights are granted or denied when it receives an LDAP request from a client. Note that this is an operational attribute. It is not returned in a search unless you explicitly request it.
This attribute is defined in Sun Java System Directory Server.
Syntax
IA5String, multi-valued.
OID
2.16.840.1.113730.3.1.55
attributeTypesDefinition
Multi-valued attribute that specifies the attribute types used within a subschema. Each value describes a single attribute.
This attribute is defined in RFC 2252.
Syntax
Attribute types syntax, multi-valued.
OID
2.5.21.5
copiedFromDefinition
Used by read-only replica to recognize master data source. Contains a reference to the server that holds the master data. Note that this attribute is only used for legacy replication. It is not used for multi-master replication.
This attribute is defined in Sun Java System Directory Server.
Syntax
DirectoryString, single-valued.
OID
2.16.840.1.113730.3.1.613
copyingFromDefinition
Used by read-only replica to recognize master data source while replication is in progress. Contains a reference to the server that holds the master data. Note that this attribute is only used for legacy replication. It is not used for multi-master replication.
This attribute is defined in Sun Java System Directory Server.
Syntax
DirectoryString, single-valued.
OID
2.16.840.1.113730.3.1.614
dITContentRulesDefinition
Multi-valued attribute that defines the DIT content rules in force within a subschema. Each value defines one DIT content rule. Each value is tagged by the object identifier of the structural object class to which it pertains.
Note that Sun Java System Directory Server does not support or use this attribute.
This attribute is defined in RFC 2252.
Syntax
DIT content rules syntax, multi-valued.
OID
2.5.21.2
dITStructureRulesDefinition
Multi-valued attribute that defines the DIT structure rules in force within a subschema. Each value defines one DIT structure rule.
Note that Sun Java System Directory Server does not support or use this attribute.
This attribute is defined in RFC 2252.
Syntax
DIT structure rules syntax, multi-valued.
OID
2.5.21.1
ds-pluginDigestDefinition
The configuration digest of a signed plug-in. (The plug-in entry DN, ID, version, type, init function, and vendor are hashed together to create the configuration digest.)
This attribute is defined in Sun Java System Directory Server.
Syntax
DirectoryString, single-valued.
OID
1.3.6.1.4.1.42.2.27.9.1.57
ds-pluginSignatureDefinition
The configuration signature of a signed plug-in.
This attribute is defined in Sun Java System Directory Server.
Syntax
DirectoryString, single-valued.
OID
1.3.6.1.4.1.42.2.27.9.1.7
ds5PartialReplConsumerFlaggedDefinition
Specifies that a consumer will receive partial replication updates.
This attribute is defined in Sun Java System Directory Server.
Syntax
DirectoryString, single-valued.
OID
1.3.6.1.4.1.42.2.27.9.1.23
ldapSyntaxesDefinition
This attribute identifies the syntaxes implemented, with each value corresponding to one syntax.
This attribute is defined in RFC 2252.
Syntax
LDAP Syntaxes syntax, multi-valued.
OID
1.3.6.1.4.1.1466.101.120.16
matchingRulesDefinition
Multi-valued attribute that defines the matching rules used within a subschema. Each value defines one matching rule.
This attribute is defined in RFC 2252.
Syntax
Matching rule syntax, multi-valued.
OID
2.5.21.4
matchingRuleUseDefinition
Used to indicate the attribute types to which a matching rule applies in a subschema.
This attribute is defined in RFC 2252.
Syntax
Matching rule syntax, multi-valued.
OID
2.5.21.8
nameFormsDefinition
Multi-valued attribute that defines the name forms used in a subschema. Each value defines one name form.
Note that Sun Java System Directory Server does not support or use this attribute.
This attribute is defined in RFC 2252.
Syntax
Name form syntax, multi-valued.
OID
2.5.21.7
namingContextsDefinition
Corresponds to a naming context the server is mastering or shadowing. When Directory Server does not master any information (for example, it is an LDAP gateway to a public X.500 directory), this attribute is absent. When Directory Server believes it contains the entire directory, the attribute has a single value, and that value is the empty string (indicating the null DN of the root).This attribute permits a client contacting a server to choose suitable base objects for searching.
This attribute is defined in RFC 2252.
Syntax
DN, multi-valued.
OID
1.3.6.1.4.1.1466.101.120.5
nsds5replconflictDefinition
This attribute is a conflict marker attribute. It is included on entries that have a change conflict that cannot be resolved automatically by the replication process.
This attribute is defined in Sun Java System Directory Server.
Syntax
DirectoryString, multi-valued.
OID
2.16.840.1.113730.3.1.973
nsRoleDefinition
This attribute is a computed attribute that is not stored with the entry itself. It identifies which roles an entry belongs to.
This attribute is defined in Sun Java System Directory Server.
Syntax
DN, multi-valued.
OID
2.16.840.1.113730.3.1.574
nsRoleDNDefinition
This attribute contains the distinguished name of each managed role to which the entry belongs. Membership of a managed role is conferred upon an entry by adding the role's DN to the entry's nsRoleDN attribute.
This attribute is not to be confused with the generated nsRole attribute that contains the DN of all roles to which the entry belongs, as computed by Directory Server. Use nsRoleDN to set managed role membership, and use nsRole to evaluate role membership.
For example:
dn: cn=staff,ou=People,dc=example,dc=com
objectclass: LDAPsubentry
objectclass: nsRoleDefinition
objectclass: nsSimpleRoleDefinition
objectclass: nsManagedRoleDefinitiondn: uid=bjensen,ou=People,dc=example,dc=com
objectclass: top
objectclass: person
sn: Jensen
cn: Babs Jensen
uid: bjensen
nsroledn: cn=staff,ou=People,dc=example,dc=comA nested role specifies containment of one or more roles of any type. In that case, nsRoleDN defines the DN of the contained roles.
For example:
dn: cn=everybody,o=Sales,o=example.com
objectclass: LDAPsubentry
objectclass: nsRoleDefinition
objectclass: nsComplexRoleDefinition
objectclass: nsNestedRoleDefinition
nsroledn: cn=manager,ou=People,dc=example,dc=com
nsroledn: cn=staff,ou=People,dc=example,dc=comThis attribute is defined in Sun Java System Directory Server.
Syntax
DN, multi-valued.
OID
2.16.840.1.113730.3.1.575
numSubordinatesDescription
Indicates how many immediate subordinates an entry has.
For example, numSubordinates=0 in a leaf entry.
This attribute is defined in numSubordinates Internet Draft.
Syntax
Integer, single-valued.
OID
1.3.1.1.4.1.453.16.2.103
objectClassesDefinition
Multi-valued attribute that defines the object classes used in a subschema. Each value defines one object class.
This attribute is defined in RFC 2252.
Syntax
Object classes syntax, multi-valued.
OID
2.5.21.6
passwordAllowChangeTimeDefinition
Indicates the exact time after which the user can change their password.
This attribute is defined in Sun Java System Directory Server.
Syntax
GeneralizedTime, single-valued.
OID
2.16.840.1.113730.3.1.214
passwordExpirationTimeDefinition
Indicates the exact time after which the user's password expires.
This attribute is defined in Sun Java System Directory Server.
Syntax
GeneralizedTime, single-valued.
OID
2.16.840.1.113730.3.1.91
passwordExpWarnedDefinition
Indicates that a password expiration warning has been sent to the user.
This attribute is defined in Sun Java System Directory Server.
Syntax
DirectoryString, single-valued.
OID
2.16.840.1.113730.3.1.92
passwordHistoryDefinition
Contains the history of the user's previous passwords.
This attribute is defined in Sun Java System Directory Server.
Syntax
Binary, multi-valued.
OID
2.16.840.1.113730.3.1.96
passwordPolicySubentryDefinition
The DN of an LDAPsubentry containing the password policy attributes that will be applied to a user entry.
This attribute is defined in Sun Java System Directory Server.
Syntax
DirectoryString, single-valued.
OID
1.3.6.1.4.1.42.2.27.9.1.30
passwordRetryCountDefinition
Counts the number of consecutive failed attempts at entering the correct password.
This attribute is defined in Sun Java System Directory Server.
Syntax
Integer, single-valued.
OID
2.16.840.1.113730.3.1.93
pwdChangedTimeDefinition
Indicates when the userPassword attribute value last changed. May be used with usePwdChangedTime and passwordMaxAge to limit the duration during which a user can log in after a password reset.
This attribute is defined in Sun Java System Directory Server.
Syntax
GeneralizedTime, single-valued.
OID
1.3.6.1.4.1.42.2.27.8.1.16
retryCountResetTimeDefinition
Specifies the exact time after which the passwordRetryCount is reset.
This attribute is defined in Sun Java System Directory Server.
Syntax
GeneralizedTime, single-valued.
OID
2.16.840.1.113730.3.1.94
subschemaSubentryDefinition
DN of the entry that contains schema information for this entry. This attribute is present for every entry in the directory.
For example:
subschemaSubentry: cn=schema
This attribute is defined in RFC 2252.
Syntax
DN, single-valued.
OID
2.5.18.10
supportedControlDefinition
The values of this attribute are the object identifiers (OIDs) that identify the controls supported by the server. When the server does not support controls, this attribute is absent.
This attribute is defined in RFC 2252.
Syntax
OID, multi-valued.
OID
1.3.6.1.4.1.1466.101.120.13
supportedExtensionDefinition
The values of this attribute are the object identifiers (OIDs) that identify the supported extended operations supported by the server. When the server does not support extensions, this attribute is absent.
This attribute is defined in RFC 2252.
Syntax
OID, multi-valued.
OID
1.3.6.1.4.1.1466.101.120.7
supportedLDAPVersionDefinition
Identifies the versions of the LDAP protocol implemented by the server. This attribute is defined in RFC 2252.
Syntax
Integer, multi-valued.
OID
1.3.6.1.4.1.1466.101.120.15
supportedSASLMechanismsDefinition
Identifies the names of supported SASL mechanisms supported by the server. When the server does not support SASL attributes, this attribute is absent. This attribute is defined in RFC 2252.
Syntax
DirectoryString, multi-valued.
OID
1.3.6.1.4.1.1466.101.120.14
vendorNameDefinition
Represents the name of the LDAP server implementor. This attribute must not be used by client applications to gather information related to supported features of the LDAP implementation.
For example:
vendorName: Sun Microsystems, Inc.
This attribute is defined in RFC 3045.
Syntax
DirectoryString, single-valued.
OID
1.3.6.1.1.4
vendorVersionDefinition
Represents the version of the LDAP server implementation. This attribute must not be used by client applications to gather information related to supported features of the LDAP implementation.
For example:
vendorVersion: v5.2
This attribute is defined in RFC 3045.
Syntax
DirectoryString, single-valued.
OID
1.3.6.1.1.5