Operational attributes

Edit online

The operational attributes are maintained by the server. These attributes either reflect information the server manages about an entry, or affect the server operation.

These attributes have the following special characteristics:

The attributes are not returned by a search operation unless they are requested (by name) in the search request.
These attributes cannot be deleted.
The attributes are not part of any object class. The server controls what entries have the attributes.

The following lists of operational attributes are supported by IBM® Security Directory Server.

aclEntry
aclPropagate
aclSource
aliasedObjectName, aliasedentryName
createTimestamp
creatorsName
entryOwner
hasSubordinates
ibm-allGroups
ibm-allMembers
ibm-capabilitiessubentry
ibm-effectiveAcl
ibm-entryChecksum
ibm-entryChecksumOp
ibm-entryUuid
ibm-filterAclEntry
ibm-filterAclInherit
ibm-pwdAccountLocked
ibm-replicationChangeLDIF
ibm-replicationFailedChangeCount
ibm-replicationFailedChanges
ibm-replicationIsQuiesced
ibm-replicationLastActivationTime
ibm-replicationLastChangeId
ibm-replicationLastFinishTime
ibm-replicationLastGlobalChangeId
ibm-replicationLastResult
ibm-replicationLastResultAdditional
ibm-replicationNextTime
ibm-replicationPendingChangeCount
ibm-replicationPendingChanges
ibm-replicationperformance
ibm-replicationState
ibm-replicationThisServerIsMaster
ibm-searchSizeLimit
ibm-searchTimeLimit
ibm-slapdCryptoSalt
modifiersName
modifyTimestamp
numSubordinates
ownerPropagate
ownerSource
pwdAccountLockedTime
pwdChangedTime
pwdExpirationWarned
pwdFailureTime
pwdGraceUseTime
pwdHistory
pwdReset
subschemaSubentry
subtreeSpecification

See Required attribute definitions for IBM Security Directory Server for more information about these attributes.

A special attribute description, "+", can be used in the attribute list of a search request to return all operational attributes. If a "+" is present in the search request, the server returns all operational attributes to which the client is authorized. For further information, see the idsldapsearch command information in the Command Reference.

The following table lists the supported special attributes, and the associated list of operational attributes:

Table 1. Supported special attributes and associated list of operational attributes
Attribute	Attributes that are returned by "+" attribute	Attributes added by ++
`+`	Returns all attributes that are listed in this column.	`++` returns all attributes that are listed in this column
`+ibmaci`	`aclentry aclsource aclpropagate entryowner ownersource ownerpropagate ibm-filterAclEntry ibm-filterAclInherit ibm-effectiveAcl`
`+ibmentry`	`creatorsname createtimestamp modifiersname modifytimestamp subschemasubentry ibm-entryuuid ibm-capabilitiessubentry ibm-enabledcapabilities (1) ibm-supportedcapabilities (1) ibm-replicationThisServerIsMaster ibm-replicationIsQuiesced`	`++ibmentry` includes the attributes from `+ibmentry` and adds: `ibm-allgroups ibm-allmembers ibm-entryChecksum ibm-entryChecksumOp numsubordinates hassubordinates`
`+ibmpwdpolicy`	`pwdAccountLockedTime pwdChangedTime pwdExpirationWarned pwdFailureTime pwdGraceUseTime pwdHistory pwdReset ibm-pwdAccountLocked ibm-pwdGroupPolicyDN ibm-pwdIndividualPolicyDN`
`+ibmrepl`	`ibm-replicationChangeLDIF ibm-replicationLastActivationTime ibm-replicationLastChangeId ibm-replicationLastFinishTime ibm-replicationLastResult ibm-replicationLastResultAdditional ibm-replicationNextTime ibm-replicationPendingChangeCount ibm-replicationState ibm-replicationFailedChangeCount ibm-replicationperformance`	`++ibmrepl` includes the attributes from `+ibmrepl` and adds: `ibm-replicationPendingChanges ibm-replicationFailedChanges`