Red Hat SummitCe contenu n'est pas disponible dans la langue sélectionnée.
Chapter 10. Operational attributes and object classes
Operational attributes are attributes used to perform directory operations and are available for every entry in the directory, regardless of whether they are defined for the object class of the entry. Operational attributes are only returned in an ldapsearch operation if specifically requested.
To return all operational attributes of an object, specify +.
Operational attributes are created and managed by Directory Server on entries, such as the time the entry is created or modified and the creator’s name.
10.1. accountUnlockTime
The accountUnlockTime attribute contains the date and time in GMT-format at which the account becomes unlocked. A value of 0 means that an administrator must unlock the account.
| OID | 2.16.840.1.113730.3.1.95 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Red Hat Directory Server |
10.2. aci
The aci attribute evaluates what rights are granted or denied when Red Hat Directory Server receives an LDAP request from a client.
| OID | 2.16.840.1.113730.3.1.55 |
| Syntax | IA5String |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Red Hat Directory Server |
10.3. altServer
The altServer attribute defines URLs of other servers which might be contacted when this server becomes unavailable. If the server does not have any servers to contact, then this attribute is absent.
This information can be cached in case the preferred LDAP server later becomes unavailable.
| OID | 1.3.6.1.4.1.1466.101.120.6 |
| Syntax | IA5String |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
10.4. createTimestamp
The createTimestamp attribute contains the date and time that the entry was initially created.
| OID | 2.5.18.1 |
| Syntax | GeneralizedTime |
| Multi- or Single-Valued | Single-valued |
| Defined in |
10.5. creatorsName
The creatorsName attribute contains the name of the user which created the entry.
| OID | 2.5.18.3 |
| Syntax | DN |
| Multi- or Single-Valued | Single-valued |
| Defined in |
10.6. dITContentRules
The dITContentRules attribute defines the DIT content rules which are in force within a subschema. Each value defines one DIT content rule. Each value is tagged by the object identifier of the structural object class to which it pertains.
| OID | 2.5.21.2 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
10.7. dITStructureRules
The dITStructureRules attribute defines the DIT structure rules which are in force within a subschema. Each value defines one DIT structure rule.
| OID | 2.5.21.1 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
10.8. entryusn
The entryusn operational attribute stores an update sequence number (USN) that the server automatically assigns every time a write operation (add, modify, modrdn, or delete) is performed if the USN plugin is enabled.
The USN is stored in the entryUSN operational attribute on the entry and shows the number for the most recent change on any entry.
The entryUSN attribute increments only with operations performed by LDAP clients. It does not count internal operations.
By default, the entryUSN is unique per back end database instance, so entries in other databases may have the same USN. The nsslapd-entryusn-global parameter changes the assignment of USNs from local to global, that is, from being counted on a single database to being counted for all databases in the topology. The parameter is turned off by default.
A corresponding entry, lastusn, is kept in the root DSE entry, which shows the most recently-assigned USN. In local mode, lastusn shows the most recently-assigned USN per back end database. In global mode, lastusn shows the most recently assigned USN for the entire topology.
| OID | 2.16.840.1.113730.3.1.606 |
| Syntax | Integer |
| Multi- or Single-Valued | Single-valued |
| Defined in | Red Hat Directory Server |
10.9. glue
The glue object class defines an entry in a special state: resurrected due to a replication conflict.
This object class is defined by Red Hat Directory Server.
Superior Class
top
OID
2.16.840.1.113730.3.2.30
| Attribute | Definition |
|---|---|
| Gives the object classes assigned to the entry. |
10.10. hasSubordinates
The hasSubordinates attribute indicates whether the entry has subordinate entries.
| OID | 1.3.6.1.4.1.1466.115.121.1.7 |
| Syntax | Boolean |
| Multi- or Single-Valued | Single-valued |
| Defined in | numSubordinates Internet Draft |
10.11. internalCreatorsName
The internalCreatorsName attribute records which internal user created the entry (plug-in DN). It is for entries which were created by a plugin or by the server, rather than a Red Hat Directory Server user.
The internalCreatorsname attributes always show a plugin as the identity. This plugin could be an additional plugin, such as the MemberOf plugin. If the change is made by the core Red Hat Directory Server, then the plugin is the database plugin, cn=ldbm database,cn=plugins,cn=config.
| OID | 2.16.840.1.113730.3.1.2114 |
| Syntax | DN |
| Multi- or Single-Valued | Single-valued |
| Defined in | Red Hat Directory Server |
10.12. internalModifiersName
The internalModifiersName attribute records what internal user modified the entry (plugin DN). It is for entries which were modified by a plugin or by the server, rather than a Red Hat Directory Server user
The internalModifiersname attributes always show a plugin as the identity. This plugin could be an additional plugin, such as the MemberOf plugin. If the change is made by the core Red Hat Directory Server, then the plugin is the database plugin, cn=ldbm database,cn=plugins,cn=config.
| OID | 2.16.840.1.113730.3.1.2113 |
| Syntax | DN |
| Multi- or Single-Valued | Single-valued |
| Defined in | Red Hat Directory Server |
10.13. lastLoginTime
The lastLoginTime attribute contains a timestamp of the last time that the given account authenticated to the directory, in the format YYYMMDDHHMMSSZ. For example:
lastLoginTime: 20200527001051ZThe attribute is used to evaluate account lockout policies based on account inactivity.
| OID | 2.16.840.1.113719.1.1.4.1.35 |
| Syntax | GeneralizedTime |
| Multi- or Single-Valued | Single-valued |
| Defined in | Red Hat Directory Server |
10.14. lastModifiedBy
The lastModifiedBy attribute contains the distinguished name (DN) of the user who last edited the entry.
For example:
lastModifiedBy: cn=Barbara Jensen,ou=Engineering,dc=example,dc=com| OID | 0.9.2342.19200300.100.1.24 |
| Syntax | DN |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
10.15. lastModifiedTime
The lastModifiedTime operational attribute contains the time, in UTC format, an entry was last modified.
For example:
lastModifiedTime: Thursday, 22-Sep-93 14:15:00 GMT| OID | 0.9.2342.19200300.100.1.23 |
| Syntax | DirectyString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
10.16. ldapSubEntry
The ldapSubEntry operational attributes contains operational data. The ldapSubEntry object class is defined in the LDAP Subentry Internet Draft.
Superior Class
top
OID
2.16.840.1.113719.2.142.6.1.1
| Attribute | Definition |
|---|---|
| Gives the object classes assigned to the entry. |
| Attribute | Definition |
|---|---|
| Specifies the common name of the entry. |
10.17. ldapSyntaxes
The ldapSyntaxes operational attribute identifies the syntaxes implemented, with each value corresponding to one syntax.
| OID | 1.3.6.1.4.1.1466.101.120.16 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
10.18. matchingRules
The matchingRules operational attribute defines the matching rules used within a subschema. Each value defines one matching rule.
| OID | 2.5.21.4 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
10.19. matchingRuleUse
The matchingRuleUse attribute indicates the attribute types to which a matching rule applies in a subschema.
| OID | 2.5.21.8 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
10.20. modifiersName
The modifiersName attribute contains the name of the user which last modified the entry.
| OID | 2.5.18.4 |
| Syntax | DN |
| Multi- or Single-Valued | Single-valued |
| Defined in |
10.21. modifyTimestamp
The modifyTimestamp attribute contains the date and time that the entry was most recently modified.
| OID | 2.5.18.2 |
| Syntax | GeneralizedTime |
| Multi- or Single-Valued | Single-valued |
| Defined in |
10.22. nameForms
The nameForms attribute defines the name forms used in a subschema. Each value defines one name form.
| OID | 2.5.21.7 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in |
10.23. nsAccountLock
The nsAccountLock attribute shows whether the account is active or inactive.
| OID | 2.16.840.1.113730.3.1.610 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Red Hat Directory Server |
10.24. nsAIMStatusGraphic
The nsAIMStatusGraphic attribute contains a path pointing to the graphic which illustrates the AIM user status.
| OID | 2.16.840.1.113730.3.1.2018 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-valued |
| Defined in | Red Hat Directory Server |
10.25. nsAIMStatusText
The nsAIMStatusText attribute contains the text which indicates the current AIM user status.
| OID | 2.16.840.1.113730.3.1.2017 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-valued |
| Defined in | Red Hat Directory Server |
10.26. nsBackendSuffix
The nsBackendSuffix attribute contains the suffix used by the backend.
| OID | 2.16.840.1.113730.3.1.803 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Red Hat Directory Server |
10.27. nscpEntryDN
The nscpEntryDN attribute contains the (former) entry distinguished name (DN) for a tombstone entry.
| OID | 2.16.840.1.113730.3.1.545 |
| Syntax | DN |
| Multi- or Single-Valued | Single-valued |
| Defined in | Red Hat Directory Server |
10.28. nsDS5ReplConflict
The nsDS5ReplConflict attribute indicates that entries have a change conflict that cannot be resolved automatically by the synchronization or replication process.
The value of the nsDS5ReplConflict contains information about which entries are in conflict, usually by referring to them by their nsUniqueID for both current entries and tombstone entries.
| OID | 2.16.840.1.113730.3.1.973 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Red Hat Directory Server |
10.29. nsICQStatusGraphic
The nsICQStatusGraphic attribute contains a path pointing to the graphic which illustrates the ICQ user status.
| OID | 2.16.840.1.113730.3.1.2022 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-valued |
| Defined in | Red Hat Directory Server |
10.30. nsICQStatusText
The nsICQStatusText attribute contains the text for the current ICQ user status.
| OID | 2.16.840.1.113730.3.1.2021 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-valued |
| Defined in | Red Hat Directory Server |
10.31. nsIdleTimeout
The nsIdleTimeout attribute identifies the user-based connection idle timeout period, in seconds.
| OID | 2.16.840.1.113730.3.1.573 |
| Syntax | Integer |
| Multi- or Single-Valued | Single-valued |
| Defined in | Red Hat Directory Server |
10.32. nsIDListScanLimit
The nsIDListScanLimit attribute specifies the number of entry IDs that are searched during a search operation. Keep the default value to improve search performance.
| OID | 2.16.840.1.113730.3.1.2106 |
| Syntax | Integer |
| Multi- or Single-Valued | Single-valued |
| Defined in | Red Hat Directory Server |
10.33. nsLookThroughLimit
The nsLookThroughLimit attribute sets the maximum number of entries for that user through which the server is allowed to look during a search operation.
The attribute is configured in the server itself and applied to users when they initiate searches.
| OID | 2.16.840.1.113730.3.1.570 |
| Syntax | Integer |
| Multi- or Single-Valued | Single-valued |
| Defined in | Red Hat Directory Server |
10.34. nsPagedIDListScanLimit
The nsPagedIDListScanLimit attribute specifies the number of entry IDs that are searched, specifically, for a search operation using the simple paged results control.
The attribute works the same as the nsIDListScanLimit attribute, except that it only applies to searches with the simple paged results control.
If this attribute is not present or is set to zero, then the nsIDListScanLimit is used to paged searches as well as non-paged searches.
| OID | 2.16.840.1.113730.3.1.2109 |
| Syntax | Integer |
| Multi- or Single-Valued | Single-valued |
| Defined in | Red Hat Directory Server |
10.35. nsPagedLookThroughLimit
The nsPagedLookThroughLimit attribute specifies the maximum number of entries that Red Hat Directory Server checks when examining candidate entries for a search which uses the simple paged results control.
The nsPagedLookThroughLimit attribute works the same as the nsLookThroughLimit attribute, except that it only applies to searches with the simple paged results control.
If this attribute is not present or is set to zero, then the nsLookThroughLimit is used to paged searches as well as non-paged searches.
| OID | 2.16.840.1.113730.3.1.2108 |
| Syntax | Integer |
| Multi- or Single-Valued | Single-valued |
| Defined in | Red Hat Directory Server |
10.36. nsPagedSizeLimit
The nsPagedSizeLimit attribute sets the maximum number of entries to return from a search operation specifically which uses the simple paged results control. This overrides the nsSizeLimit attribute for paged searches.
If this value is set to zero, then the nsSizeLimit attribute is used for paged searches as well as non-paged searches for the user, or the global configuration settings are used.
| OID | 2.16.840.1.113730.3.1.2107 |
| Syntax | Integer |
| Multi- or Single-Valued | Single-valued |
| Defined in | Red Hat Directory Server |
10.37. nsParentUniqueId
For tombstone (deleted) entries stored in replication, the nsParentUniqueId attribute contains the DN or entry ID for the parent of the original entry.
| OID | 2.16.840.1.113730.3.1.544 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-valued |
| Defined in | Red Hat Directory Server |
10.38. nsRole
The nsRole attribute is a computed attribute that is not stored with the entry itself. It identifies to which roles an entry belongs.
| OID | 2.16.840.1.113730.3.1.574 |
| Syntax | DN |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Red Hat Directory Server |
10.39. nsRoleDn
The nsRoleDn attribute contains the distinguished name (DN) of all roles that apply to an entry. Membership of a managed role is granted upon an entry by adding the role’s DN to the entry’s nsRoleDN attribute.
For example:
dn: cn=staff,ou=employees,dc=example,dc=com
objectclass: LDAPsubentry
objectclass: nsRoleDefinition
objectclass: nsSimpleRoleDefinition
objectclass: nsManagedRoleDefinition
dn: cn=userA,ou=users,ou=employees,dc=example,dc=com
objectclass: top
objectclass: person
sn: uA
userpassword: secret
nsroledn: cn=staff,ou=employees,dc=example,dc=com
A nested role specifies containment of one or more roles of any type. In that case, nsRoleDN defines the DN of the contained roles. For example:
dn: cn=everybody,ou=employees,dc=example,dc=com
objectclass: LDAPsubentry
objectclass: nsRoleDefinition
objectclass: nsComplexRoleDefinition
objectclass: nsNestedRoleDefinition
nsroledn: cn=manager,ou=employees,dc=example,dc=com
nsroledn: cn=staff,ou=employees,dc=example,dc=com| OID | 2.16.840.1.113730.3.1.575 |
| Syntax | DN |
| Multi- or Single-Valued | Multi-valued |
| Defined in | Red Hat Directory Server |
10.40. nsRoleFilter
The nsRoleFilter attribute sets the filter that identifies entries which belong to the role.
| OID | 2.16.840.1.113730.3.1.576 |
| Syntax | IA5String |
| Multi- or Single-Valued | Single-valued |
| Defined in |
10.41. nsSchemaCSN
The nsSchemaCSN attribute is one of the subschema directory server entry (DSE) attribute types.
| OID | 2.5.21.82.16.840.1.113730.3.1.804 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-valued |
| Defined in | Red Hat Directory Server |
10.42. nsSizeLimit
The nsSizeLimit attribute shows the default size limit for a database or database link in bytes.
| OID | 2.16.840.1.113730.3.1.571 |
| Syntax | Integer |
| Multi- or Single-Valued | Single-valued |
| Defined in | Red Hat Directory Server |
10.43. nsTimeLimit
The nsTimeLimit attribute shows the default search time limit for a database or database link.
| OID | 2.16.840.1.113730.3.1.572 |
| Syntax | Integer |
| Multi- or Single-Valued | Single-valued |
| Defined in | Red Hat Directory Server |
10.44. nsTombstone (object class)
Each tombstone entry automatically has the nsTombstone object class.
Tombstone entries are entries which have been deleted from Red Hat Directory Server. For replication and restore operations, these deleted entries are saved and they can be resurrected and replaced if necessary.
This object class is defined in Red Hat Directory Server.
Superior Class
top
OID
2.16.840.1.113730.3.2.113
| Attribute | Definition |
|---|---|
| Gives the object classes assigned to the entry. |
| Attribute | Definition |
|---|---|
| Identifies the unique ID of the parent entry of the original entry. | |
| Identifies the orignal entry DN in a tombstone entry. |
10.45. nsUniqueId
The nsUniqueId attribute identifies or assigns a unique ID to a server entry.
| OID | 2.16.840.1.113730.3.1.542 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-valued |
| Defined in | Red Hat Directory Server |
10.46. nsYIMStatusGraphic
The nsYIMStatusGraphic attribute contains a path pointing to the graphic which illustrates the Yahoo IM user status.
| OID | 2.16.840.1.113730.3.1.2020 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-valued |
| Defined in | Red Hat Directory Server |
10.47. nsYIMStatusText
The nsYIMStatusText attribute contains the text for the current Yahoo IM user status.
| OID | 2.16.840.1.113730.3.1.2019 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-valued |
| Defined in | Red Hat Directory Server |
10.48. numSubordinates
The numSubordinates attribute indicates how many immediate subordinates an entry has.
For example, numSubordinates=0 in a leaf entry.
| OID | 1.3.1.1.4.1.453.16.2.103 |
| Syntax | Integer |
| Multi- or Single-Valued | Single-valued |
| Defined in | numSubordinates Internet Draft |
10.49. passwordGraceUserTime
The passwordGraceUserTime attribute counts the number of login attempts the user made with the expired password.
| OID | 2.16.840.1.113730.3.1.998 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-valued |
| Defined in | Red Hat Directory Server |
10.50. passwordObject (object class)
The passwordObject object class defines entries which store password information for a user in the directory.
This object class is defined in Red Hat Directory Server.
Superior Class
top
OID
2.16.840.1.113730.3.2.12
| Defines the object classes for the entry. |
| Refers to the amount of time that must pass after an account lockout before the user can bind to the directory again. | |
| Specifies the length of time that must pass before users are allowed to change their passwords. | |
| Specifies the length of time that passes before the user’s password expires. | |
| Indicates that a password expiration warning has been sent to the user. | |
| Counts the number of login attempts the user made with the expired password. | |
| Contains the history of the user’s previous passwords. | |
| Counts the number of consecutive failed attempts at entering the correct password. | |
| Points to the entry DN of the new password policy. | |
|
Specifies the length of time that passes before the |
10.51. passwordRetryCount
The passwordRetryCount attribute counts the number of consecutive failed attempts at entering the correct password.
| OID | 2.16.840.1.113730.3.1.93 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-valued |
| Defined in | Red Hat Directory Server |
10.52. pwdpolicysubentry
The pwdpolicysubentry attribute value points to the entry distinguished name (DN) of the new password policy.
| OID | 2.16.840.1.113730.3.1.997 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-valued |
| Defined in | Red Hat Directory Server |
10.53. pwdUpdateTime
The pwdUpdateTime attribute value stores the time of the most recent password change for the account.
| OID | 2.16.840.1.113730.3.1.2133 |
| Syntax | GeneralizedTime |
| Multi- or Single-Valued | Single-valued |
| Defined in | Red Hat Directory Server |
10.54. subschema (object class)
The subschema auxiliary object class defines the subschema for the subschema administrative area. It holds the operational attributes representing the policy parameters which express the subschema.
This object class is defined in RFC 2252.
Superior Class
top
OID
2.5.20.1
| Defines the object classes for the entry. |
| Attribute types used within a subschema. | |
| Defines the DIT content rules which are in force within a subschema. | |
| Defines the DIT structure rules which are in force within a subschema. | |
| Indicates the attribute types to which a matching rule applies in a subschema. | |
| Defines the matching rules used within a subschema. | |
| Defines the name forms used in a subschema. | |
| Defines the object classes used in a subschema. |
10.55. subschemaSubentry
The subschemaSubentry attribute contains the distinguished name (DN) of an entry that contains schema information.
For example:
subschemaSubentry: cn=schema| OID | 2.5.18.10 |
| Syntax | DN |
| Multi- or Single-Valued | Single-valued |
| Defined in |
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}