replicateOperationalAttributes

  • Name: replicateOperationalAttributes
  • Description: Used to pass the values of operational attributes that are typically set by the server during an add, modify, or modify DN operation.
  • Assigned object identifier: 1.3.18.0.2.10.19
  • Target of control: Server
  • Control criticality: Critical at client’s option
  • Values: The values in this control identify the operational attributes and values to be set. The following ASN.1 (Abstract Syntax Notation One) syntax describes the BER (Basic Encoding Rules) encoding of the control value.
    ControlValue ::= SEQUENCE OF SEQUENCE {
      operation       ENUMERATED {
                        add     (0),
                        delete  (1),
                        replace (2) },
      modification    AttributeTypeAndValues
    }
    
    AttributeTypeAndValues ::= SEQUENCE {
      type OCTET STRING,
      vals SET OF OCTET STRING
    }
    where:
    • operation - Indicates whether the operational attribute value should be added to the entry, should be deleted from the entry, or should replace the current value in the entry.
    • type - Specifies the name of the operational attribute.
    • vals - Specifies the values of the operational attribute.
  • Detailed description: This control is intended to be used to pass values to the server for operational attributes that are typically set by the server, not by the client. For example, a master server might use this control to pass the modifiersName and modifyTimestamp values on a replication request because the entry on the replica has the same values as on the master.
  • Server behavior:
    1. The control is only supported on an add, modify, or modify DN request on a basic replication peer or read-only replica server or an advanced replication consumer server. If the control is specified on another request and the control is critical, the server returns LDAP_UNAVAILABLE_CRITICAL_EXTENSION.
    2. If using basic replication, the requester must be bound as the master server DN or peer server DN for the backend processing the request, as specified by the masterServerDN or peerServerDN configuration option in the backend section of the LDAP server configuration file. If using advanced replication, the requester must be bound as the DN specified as the ibm-replicaCredentialsDN attribute value in the replication agreement. If the requester is not bound in any of these manners and the control is critical, the server returns LDAP_UNAVAILABLE_CRITICAL_EXTENSION.
    3. For an add request and for a modify DN request of a TDBM entry, the operation specified in the control value cannot be delete. If delete is specified, the server returns LDAP_UNWILLING_TO_PERFORM. delete is supported for a modify request and for a modify DN request of an LDBM or CDBM entry.
    4. Each attribute type specified in the control must be defined in the LDAP server schema. If it is not, the server returns LDAP_UNDEFINED_TYPE if the control is critical; otherwise, it ignores the attribute.
    5. No ACL checking is performed for the changes to the entry that result from the control. The server does perform schema checking to ensure that the attributes are allowed in the entry.
    6. If more than one replicateOperationalAttributes control is specified in a request, the server returns LDAP_PROTOCOL_ERROR.
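
The following Python code is an added example, not part of the original documentation or of the server's code. It decodes a BER-encoded control value for OID 1.3.18.0.2.10.19 using the universal tags implied by the ASN.1 above (SEQUENCE 0x30, ENUMERATED 0x0A, OCTET STRING 0x04, SET 0x31), so that the operational attributes carried in a traced replication request can be reviewed, which matters because no ACL checking applies to them. The function names and the sample bytes are constructed for illustration.

```python
# Added example (not IBM code): decode a replicateOperationalAttributes control value.
OPS = {0: "add", 1: "delete", 2: "replace"}   # ENUMERATED values from the syntax above

def read_tlv(buf, pos, tag):
    """Read one definite-length BER TLV with the expected tag; return (content, next_pos)."""
    if pos + 2 > len(buf) or buf[pos] != tag:
        raise ValueError(f"expected tag 0x{tag:02x} at offset {pos}")
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:                          # long form: low 7 bits count the length octets
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("indefinite or truncated length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("content runs past end of buffer")
    return buf[pos:pos + length], pos + length

def elements(buf, tag):
    """Return the contents of every element of a SEQUENCE OF / SET OF body."""
    out, pos = [], 0
    while pos < len(buf):
        item, pos = read_tlv(buf, pos, tag)
        out.append(item)
    return out

def decode_control_value(value):
    """Return [(operation, type, [vals as bytes])] for a BER-encoded ControlValue."""
    outer, end = read_tlv(value, 0, 0x30)               # SEQUENCE OF
    if end != len(value):
        raise ValueError("trailing bytes after ControlValue")
    result = []
    for item in elements(outer, 0x30):                  # SEQUENCE { operation, modification }
        op, pos = read_tlv(item, 0, 0x0A)               # operation ENUMERATED
        mod, pos = read_tlv(item, pos, 0x30)            # modification AttributeTypeAndValues
        atype, p = read_tlv(mod, 0, 0x04)               # type OCTET STRING
        vals, p = read_tlv(mod, p, 0x31)                # vals SET OF OCTET STRING
        code = int.from_bytes(op, "big")
        if not op or code not in OPS or pos != len(item) or p != len(mod):
            raise ValueError("value does not match the ControlValue syntax")
        result.append((OPS[code], atype.decode(), elements(vals, 0x04)))
    return result

# Constructed sample: replace modifiersName and modifyTimestamp (values are made up).
SAMPLE = (b"\x30\x4d"
          b"\x30\x20\x0a\x01\x02\x30\x1b\x04\x0dmodifiersName\x31\x0a\x04\x08cn=admin"
          b"\x30\x29\x0a\x01\x02\x30\x24\x04\x0fmodifyTimestamp\x31\x11\x04\x0f20240101000000Z")

if __name__ == "__main__":
    for op, atype, vals in decode_control_value(SAMPLE):
        print(op, atype, vals)
```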