On Monday, 22 March 2010 12:40:47 Chris Jacobs wrote:
> Howard, Tyler, Michael,
>
> My apologies: I take that back. The entry is indeed on the account - and
> it is, in fact, a system attribute.
>
> I will endeavor to not reply to messages at 4am in the future - a bit too
> quick on the /assume/ thing.
>
> BTW:
> How do you identify whether an attribute will be a system attribute or not?
> I've plenty to learn on ldap, but even I knew to look at the schema file
> - and I'm not certain how one could know whether an attribute would be a
> system attribute.

The "USAGE directoryOperation" is the key:

[bgmi...@tiger ~]$ ldapsearch -x -s base -b cn=subschema attributetypes|perl -p0e 's/\n //g'|grep pwdPolicySubentry
attributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.23 NAME 'pwdPolicySubentry' DESC 'The pwdPolicy subentry in effect for this object' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE USAGE directoryOperation )

On an existing entry, you can ask for only the operational attributes with the
'+' modifier, e.g.:

[bgmi...@tiger ~]$ ldapsearch -x -LLL uid=bgmilne '+'
dn: uid=bgmilne,ou=People,dc=ranger,dc=dnsalias,dc=com
structuralObjectClass: inetOrgPerson
entryUUID: 8b74bea0-f20d-101e-8cdf-6105b6f2f478
creatorsName: uid=account admin,ou=system accounts,dc=ranger,dc=dnsailas,dc=co
 m
createTimestamp: 19960203002836Z
pwdPolicySubentry: cn=default,ou=Password Policies,dc=ranger,dc=dnsalias,dc=co
 m
pwdChangedTime: 20100319092937Z
entryCSN: 20100323080111.520646Z#000000#003#000000
modifiersName: cn=manager,dc=ranger,dc=dnsalias,dc=com
modifyTimestamp: 20100323080111Z
entryDN: uid=bgmilne,ou=People,dc=ranger,dc=dnsalias,dc=com
subschemaSubentry: cn=Subschema
hasSubordinates: FALSE

Regards,
Buchan
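
Added example (not part of the original message): Python that applies the same USAGE test to a whole subschema dump, undoing LDIF folding the way the perl one-liner does and treating a missing USAGE as userApplications, the RFC 4512 default. The SAMPLE text and the function names are constructed for illustration.

```python
import re

# Constructed sample: subschema output with LDIF folding (a continuation
# line starts with ONE space). The first value is the pwdPolicySubentry
# definition quoted above; the second is a made-up variant of 'cn' whose
# DESC contains the word USAGE, to show why quoted strings are ignored.
SAMPLE = """\
dn: cn=Subschema
attributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.23 NAME 'pwdPolicySubentry' DESC 'The
  pwdPolicy subentry in effect for this object' EQUALITY distinguishedNameMatc
 h SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE USAGE directoryOperation )
attributeTypes: ( 2.5.4.3 NAME ( 'cn' 'commonName' ) DESC 'USAGE is just text h
 ere' SUP name )
"""

def unfold(ldif):
    """Undo LDIF folding: drop each newline plus exactly one leading space."""
    return re.sub(r"\r?\n ", "", ldif)

def attribute_usages(ldif):
    """Map each attribute name (lower-cased) to its USAGE keyword."""
    usages = {}
    for line in unfold(ldif).splitlines():
        key, _, value = line.partition(":")
        if key.strip().lower() != "attributetypes":
            continue
        # NAME is either one quoted name or a parenthesised list of them.
        m = re.search(r"\bNAME\s+(\(\s*(?:'[^']*'\s*)+\)|'[^']*')", value)
        names = re.findall(r"'([^']*)'", m.group(1)) if m else []
        # Blank out quoted strings so text inside DESC cannot match USAGE.
        bare = re.sub(r"'[^']*'", "''", value)
        u = re.search(r"\bUSAGE\s+(\w+)", bare)
        usage = u.group(1) if u else "userApplications"  # RFC 4512 default
        for name in names:
            usages[name.lower()] = usage
    return usages

def is_operational(name, usages):
    """True for directoryOperation, distributedOperation or dSAOperation.
    Raises KeyError if the attribute is not in the parsed schema."""
    return usages[name.lower()] != "userApplications"

if __name__ == "__main__":
    for attr, usage in sorted(attribute_usages(SAMPLE).items()):
        print(f"{attr}: {usage}")
```
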
