The all attributes targetattr rule only applies to non-operational attributes. Operational attributes must be explicitly specified in a targetattr ACI statement. This differs from Sun Java System directory server behavior, which allows the all attributes targetattr rule to apply to both operational and non-operational attributes.
It is also illegal to use a not-equal operator when an operational attribute is specified in a targetattr rule. For example, the targetattr rule below is invalid because the operational attribute aclRights is used with a not-equal operator:
(targetattr != aclRights)
Note - A non-equal operator in a targetattr rule specifying non-operational attributes is valid, but the rule is restricted to applying to other non-operational attributes only.
It is illegal to specify both operational and non-operational attributes in the same targetattr statement.
It is illegal to specify both the all attributes targetattr rule and an attribute in the same expression (for example, targetattr="cn || *").