Re: [Fedora-directory-devel] Attribute to determine allowed write attributes?

Richard Megginson <rmeggins@xxxxxxxxxx> · Wed, 01 Nov 2006 18:54:36 -0700

Andrew Bartlett wrote:
On Wed, 2006-11-01 at 07:05 -0700, Richard Megginson wrote:

Andrew Bartlett wrote:

On Tue, 2006-10-31 at 21:05 -0700, David Boreham wrote:

Andrew Bartlett wrote:

Does anybody have any pointers to an existing feature request like this,
or should I file one in Bugzilla?

This is what is implemented :

http://www.redhat.com/docs/manuals/dir-server/ag/7.1/acl.html#1216899

That has:

Information is not given for attributes in an entry that do not have a
value; for example, if the userPassword value is removed, then a
future effective rights search on the entry above would not return any
effective rights for userPassword, even though self-write and
self-delete rights could be allowed. Likewise, if the street attribute
were added with read, compare, and search rights, then street: rsc
would appear in the attributeLevelRights results.

I need information on unknown attributes, so that MMC can show them as
valid, writable fields (not greyed out).  My preferred format is a list
of writable fields, as permitted by the current schema for that entry.

This could be useful in any general purpose GUI app, to have the ability 
to perform one query and get back a list of
1) regular attributes available according to the schema
2) operational attributes - writable vs. read-only
3) virtual attributes - writable vs. read-only

I would like to support the openldap "+" special attribute which 
retrieves all operational attributes, and I would also like to support 
the Sun DS real and virtual attrs controls.

Andrew, I think it would be beneficial to me if you could post an 
example ldapsearch and an example return entry in LDIF.

Using Samba's ldbsearch:

bin/ldbsearch -H ldap://win2k3dc.win2k3.abartlet.net cn=administrator
allowedAttributes allowedAttributesEffective allowedClasses
AllowedClassesEffective -Uadministrator%penguin

What do allowedAttributes and allowedAttributesEffective mean?  Are they 
the writable attributes as allowed by schema and access control?  What 
does the "Effective" mean?
What are allowedClasses and AllowedClassesEffective?
(see attached).

Andrew Bartlett

------------------------------------------------------------------------

Unknown parameter encountered: "tls enable"
Ignoring unknown parameter "tls enable"
# record 1
dn: CN=Administrator,CN=Users,DC=win2k3,DC=abartlet,DC=net
allowedAttributes: msExchOmaAdminExtendedSettings
allowedAttributes: msExchOmaAdminWirelessEnable
allowedAttributes: msExchTUISpeed
allowedAttributes: msExchTUIVolume
allowedAttributes: msExchTUIPassword
allowedAttributes: msExchVoiceMailboxID
allowedAttributes: msExchOriginatingForest
allowedAttributes: msExchIMAPOWAURLPrefixOverride
allowedAttributes: msExchPfRootUrl
allowedAttributes: msExchMailboxUrl
allowedAttributes: msExchPoliciesExcluded
allowedAttributes: msExchPoliciesIncluded
allowedAttributes: msExchCustomProxyAddresses
allowedAttributes: msExchProxyCustomProxy
allowedAttributes: msExchPolicyEnabled
allowedAttributes: msExchPolicyOptionList
allowedAttributes: msExchQueryBaseDN
allowedAttributes: dLMemDefault
allowedAttributes: msExchRecipLimit
allowedAttributes: msExchMailboxFolderSet
allowedAttributes: msExchMailboxGuid
allowedAttributes: mDBOverHardQuotaLimit
allowedAttributes: msExchFBURL
allowedAttributes: msExchConferenceMailboxBL
allowedAttributes: msExchControllingZone
allowedAttributes: msExchResourceProperties
allowedAttributes: msExchResourceGUID
allowedAttributes: msExchIMAddress
allowedAttributes: msExchIMVirtualServer
allowedAttributes: msExchIMPhysicalURL
allowedAttributes: msExchIMMetaPhysicalURL
allowedAttributes: msExchIMACL
allowedAttributes: msExchUserAccountControl
allowedAttributes: msExchInconsistentState
allowedAttributes: msExchPreviousAccountSid
allowedAttributes: msExchUnmergedAttsPt
allowedAttributes: msExchMasterAccountSid
allowedAttributes: msExchMailboxSecurityDescriptor
allowedAttributes: msExchHideFromAddressLists
allowedAttributes: msExchUseOAB
allowedAttributes: msExchADCGlobalNames
allowedAttributes: msExchALObjectVersion
allowedAttributes: replicationSignature
allowedAttributes: msExchExpansionServerName
allowedAttributes: unmergedAtts
allowedAttributes: msExchHomeServerName
allowedAttributes: labeledURI
allowedAttributes: subSchemaSubEntry
allowedAttributes: modifyTimeStamp
allowedAttributes: createTimeStamp
allowedAttributes: structuralObjectClass
allowedAttributes: userPKCS12
allowedAttributes: preferredLanguage
allowedAttributes: thumbnailLogo
allowedAttributes: thumbnailPhoto
allowedAttributes: middleName
allowedAttributes: departmentNumber
allowedAttributes: carLicense
allowedAttributes: jpegPhoto
allowedAttributes: audio
allowedAttributes: pager
allowedAttributes: mobile
allowedAttributes: secretary
allowedAttributes: homePhone
allowedAttributes: manager
allowedAttributes: photo
allowedAttributes: roomNumber
allowedAttributes: mail
allowedAttributes: textEncodedORAddress
allowedAttributes: uid
allowedAttributes: userSMIMECertificate
allowedAttributes: msExchRequireAuthToSendTo
allowedAttributes: msDRM-IdentityCertificate
allowedAttributes: msDS-ObjectReferenceBL
allowedAttributes: msDs-masteredBy
allowedAttributes: msDS-TasksForAzRoleBL
allowedAttributes: msDS-OperationsForAzRoleBL
allowedAttributes: msDS-TasksForAzTaskBL
allowedAttributes: msDS-OperationsForAzTaskBL
allowedAttributes: msDS-MembersForAzRoleBL
allowedAttributes: msDS-NonMembersBL
allowedAttributes: msDS-AllowedToDelegateTo
allowedAttributes: msIIS-FTPDir
allowedAttributes: msIIS-FTPRoot
allowedAttributes: msDS-KeyVersionNumber
allowedAttributes: msDS-ReplValueMetaData
allowedAttributes: msDS-ReplAttributeMetaData
allowedAttributes: msDS-NCReplOutboundNeighbors
allowedAttributes: msDS-NCReplInboundNeighbors
allowedAttributes: msDS-NCReplCursors
allowedAttributes: lastLogonTimestamp
allowedAttributes: msDS-Approx-Immed-Subordinates
allowedAttributes: msDS-User-Account-Control-Computed
allowedAttributes: msDS-Site-Affinity
allowedAttributes: msDS-Cached-Membership-Time-Stamp
allowedAttributes: msDS-Cached-Membership
allowedAttributes: msCOM-UserPartitionSetLink
allowedAttributes: msCOM-UserLink
allowedAttributes: msCOM-PartitionSetLink
allowedAttributes: tokenGroupsGlobalAndUniversal
allowedAttributes: mS-DS-CreatorSID
allowedAttributes: masteredBy
allowedAttributes: mS-DS-ConsistencyChildCount
allowedAttributes: mS-DS-ConsistencyGuid
allowedAttributes: otherWellKnownObjects
allowedAttributes: dSCorePropagationData
allowedAttributes: accountNameHistory
allowedAttributes: sDRightsEffective
allowedAttributes: tokenGroupsNoGCAcceptable
allowedAttributes: tokenGroups
allowedAttributes: proxiedObjectName
allowedAttributes: msRASSavedFramedRoute
allowedAttributes: msRASSavedFramedIPAddress
allowedAttributes: msRASSavedCallbackNumber
allowedAttributes: msRADIUSServiceType
allowedAttributes: msRADIUSFramedRoute
allowedAttributes: msRADIUSFramedIPAddress
allowedAttributes: msRADIUSCallbackNumber
allowedAttributes: msNPSavedCallingStationID
allowedAttributes: msNPCallingStationID
allowedAttributes: msNPAllowDialin
allowedAttributes: mSMQSignCertificatesMig
allowedAttributes: mSMQDigestsMig
allowedAttributes: mSMQDigests
allowedAttributes: mSMQSignCertificates
allowedAttributes: canonicalName
allowedAttributes: possibleInferiors
allowedAttributes: allowedAttributesEffective
allowedAttributes: allowedAttributes
allowedAttributes: allowedChildClassesEffective
allowedAttributes: allowedChildClasses
allowedAttributes: fromEntry
allowedAttributes: uSNSource
allowedAttributes: terminalServer
allowedAttributes: fRSMemberReferenceBL
allowedAttributes: frsComputerReferenceBL
allowedAttributes: isCriticalSystemObject
allowedAttributes: altSecurityIdentities
allowedAttributes: netbootSCPBL
allowedAttributes: bridgeheadServerListBL
allowedAttributes: lastKnownParent
allowedAttributes: aCSPolicyName
allowedAttributes: servicePrincipalName
allowedAttributes: userSharedFolderOther
allowedAttributes: userSharedFolder
allowedAttributes: url
allowedAttributes: otherIpPhone
allowedAttributes: ipPhone
allowedAttributes: partialAttributeDeletionList
allowedAttributes: lockoutTime
allowedAttributes: userPrincipalName
allowedAttributes: legacyExchangeDN
allowedAttributes: managedObjects
allowedAttributes: assistant
allowedAttributes: otherMailbox
allowedAttributes: mhsORAddress
allowedAttributes: primaryInternationalISDNNumber
allowedAttributes: primaryTelexNumber
allowedAttributes: otherMobile
allowedAttributes: otherFacsimileTelephoneNumber
allowedAttributes: userCert
allowedAttributes: showInAddressBook
allowedAttributes: partialAttributeSet
allowedAttributes: isPrivilegeHolder
allowedAttributes: wellKnownObjects
allowedAttributes: sIDHistory
allowedAttributes: queryPolicyBL
allowedAttributes: dynamicLDAPServer
allowedAttributes: nonSecurityMemberBL
allowedAttributes: serverReferenceBL
allowedAttributes: siteObjectBL
allowedAttributes: systemFlags
allowedAttributes: fSMORoleOwner
allowedAttributes: desktopProfile
allowedAttributes: groupPriority
allowedAttributes: groupsToIgnore
allowedAttributes: sAMAccountType
allowedAttributes: wbemPath
allowedAttributes: division
allowedAttributes: defaultClassStore
allowedAttributes: controlAccessRights
allowedAttributes: logonCount
allowedAttributes: groupMembershipSAM
allowedAttributes: lmPwdHistory
allowedAttributes: accountExpires
allowedAttributes: comment
allowedAttributes: rid
allowedAttributes: adminCount
allowedAttributes: revision
allowedAttributes: operatorCount
allowedAttributes: versionNumber
allowedAttributes: profilePath
allowedAttributes: userParameters
allowedAttributes: supplementalCredentials
allowedAttributes: securityIdentifier
allowedAttributes: primaryGroupID
allowedAttributes: preferredOU
allowedAttributes: pwdLastSet
allowedAttributes: ntPwdHistory
allowedAttributes: otherLoginWorkstations
allowedAttributes: unicodePwd
allowedAttributes: userWorkstations
allowedAttributes: maxStorage
allowedAttributes: logonWorkstation
allowedAttributes: logonHours
allowedAttributes: scriptPath
allowedAttributes: localeID
allowedAttributes: dBCSPwd
allowedAttributes: lastLogon
allowedAttributes: lastLogoff
allowedAttributes: badPasswordTime
allowedAttributes: homeDrive
allowedAttributes: homeDirectory
allowedAttributes: flags
allowedAttributes: employeeID
allowedAttributes: countryCode
allowedAttributes: codePage
allowedAttributes: badPwdCount
allowedAttributes: userAccountControl
allowedAttributes: replUpToDateVector
allowedAttributes: replPropertyMetaData
allowedAttributes: objectGUID
allowedAttributes: name
allowedAttributes: homePostalAddress
allowedAttributes: language
allowedAttributes: personalTitle
allowedAttributes: employeeType
allowedAttributes: personalPager
allowedAttributes: employeeNumber
allowedAttributes: formData
allowedAttributes: forwardingAddress
allowedAttributes: replicatedObjectVersion
allowedAttributes: extensionAttribute15
allowedAttributes: extensionAttribute14
allowedAttributes: extensionAttribute13
allowedAttributes: extensionAttribute12
allowedAttributes: extensionAttribute11
allowedAttributes: supportedAlgorithms
allowedAttributes: msExchHouseIdentifier
allowedAttributes: msExchLabeledURI
allowedAttributes: attributeCertificate
allowedAttributes: internetEncoding
allowedAttributes: protocolSettings
allowedAttributes: dnQualifier
allowedAttributes: enabledProtocols
allowedAttributes: USNIntersite
allowedAttributes: pOPCharacterSet
allowedAttributes: languageCode
allowedAttributes: pOPContentFormat
allowedAttributes: wWWHomePage
allowedAttributes: networkAddress
allowedAttributes: heuristics
allowedAttributes: mailNickname
allowedAttributes: msExchAssistantName
allowedAttributes: kMServer
allowedAttributes: directReports
allowedAttributes: extensionAttribute10
allowedAttributes: extensionAttribute9
allowedAttributes: extensionAttribute8
allowedAttributes: extensionAttribute7
allowedAttributes: extensionAttribute6
allowedAttributes: extensionAttribute5
allowedAttributes: extensionAttribute4
allowedAttributes: extensionAttribute3
allowedAttributes: extensionAttribute2
allowedAttributes: extensionAttribute1
allowedAttributes: expirationTime
allowedAttributes: mAPIRecipient
allowedAttributes: displayNamePrintable
allowedAttributes: targetAddress
allowedAttributes: folderPathname
allowedAttributes: mDBUseDefaults
allowedAttributes: garbageCollPeriod
allowedAttributes: publicDelegatesBL
allowedAttributes: altRecipientBL
allowedAttributes: dLMemRejectPermsBL
allowedAttributes: unauthOrigBL
allowedAttributes: dLMemSubmitPermsBL
allowedAttributes: authOrigBL
allowedAttributes: autoReplyMessage
allowedAttributes: autoReply
allowedAttributes: submissionContLength
allowedAttributes: otherHomePhone
allowedAttributes: mDBOverQuotaLimit
allowedAttributes: uSNDSALastObjRemoved
allowedAttributes: mDBStorageQuota
allowedAttributes: importedFrom
allowedAttributes: streetAddress
allowedAttributes: homeMDB
allowedAttributes: deliveryMechanism
allowedAttributes: publicDelegates
allowedAttributes: extensionData
allowedAttributes: extensionName
allowedAttributes: adminDescription
allowedAttributes: replicationSensitivity
allowedAttributes: unauthOrig
allowedAttributes: proxyAddresses
allowedAttributes: adminDisplayName
allowedAttributes: deliverAndRedirect
allowedAttributes: homeMTA
allowedAttributes: showInAdvancedViewOnly
allowedAttributes: company
allowedAttributes: dLMemSubmitPerms
allowedAttributes: department
allowedAttributes: delivExtContTypes
allowedAttributes: delivContLength
allowedAttributes: co
allowedAttributes: authOrig
allowedAttributes: altRecipient
allowedAttributes: uSNLastObjRem
allowedAttributes: uSNChanged
allowedAttributes: otherPager
allowedAttributes: deletedItemFlags
allowedAttributes: businessRoles
allowedAttributes: ownerBL
allowedAttributes: memberOf
allowedAttributes: repsFrom
allowedAttributes: repsTo
allowedAttributes: securityProtocol
allowedAttributes: info
allowedAttributes: telephoneAssistant
allowedAttributes: objectVersion
allowedAttributes: dSASignature
allowedAttributes: isDeleted
allowedAttributes: dLMemRejectPerms
allowedAttributes: uSNCreated
allowedAttributes: otherTelephone
allowedAttributes: displayName
allowedAttributes: subRefs
allowedAttributes: whenChanged
allowedAttributes: whenCreated
allowedAttributes: attributeCertificateAttribute
allowedAttributes: houseIdentifier
allowedAttributes: distinguishedName
allowedAttributes: x500uniqueIdentifier
allowedAttributes: generationQualifier
allowedAttributes: initials
allowedAttributes: givenName
allowedAttributes: userCertificate
allowedAttributes: userPassword
allowedAttributes: seeAlso
allowedAttributes: preferredDeliveryMethod
allowedAttributes: destinationIndicator
allowedAttributes: registeredAddress
allowedAttributes: internationalISDNNumber
allowedAttributes: x121Address
allowedAttributes: facsimileTelephoneNumber
allowedAttributes: teletexTerminalIdentifier
allowedAttributes: telexNumber
allowedAttributes: telephoneNumber
allowedAttributes: physicalDeliveryOfficeName
allowedAttributes: postOfficeBox
allowedAttributes: postalCode
allowedAttributes: postalAddress
allowedAttributes: businessCategory
allowedAttributes: description
allowedAttributes: title
allowedAttributes: ou
allowedAttributes: o
allowedAttributes: street
allowedAttributes: st
allowedAttributes: l
allowedAttributes: c
allowedAttributes: serialNumber
allowedAttributes: sn
allowedAttributes: objectCategory
allowedAttributes: sAMAccountName
allowedAttributes: objectSid
allowedAttributes: nTSecurityDescriptor
allowedAttributes: instanceType
allowedAttributes: cn
allowedAttributes: objectClass
allowedAttributesEffective: thumbnailPhoto
allowedAttributesEffective: middleName
allowedAttributesEffective: departmentNumber
allowedAttributesEffective: carLicense
allowedAttributesEffective: jpegPhoto
allowedAttributesEffective: audio
allowedAttributesEffective: pager
allowedAttributesEffective: mobile
allowedAttributesEffective: secretary
allowedAttributesEffective: homePhone
allowedAttributesEffective: manager
allowedAttributesEffective: photo
allowedAttributesEffective: roomNumber
allowedAttributesEffective: mail
allowedAttributesEffective: textEncodedORAddress
allowedAttributesEffective: uid
allowedAttributesEffective: userSMIMECertificate
allowedAttributesEffective: msExchRequireAuthToSendTo
allowedAttributesEffective: msDRM-IdentityCertificate
allowedAttributesEffective: thumbnailLogo
allowedAttributesEffective: preferredLanguage
allowedAttributesEffective: userPKCS12
allowedAttributesEffective: labeledURI
allowedAttributesEffective: msExchHomeServerName
allowedAttributesEffective: unmergedAtts
allowedAttributesEffective: msExchExpansionServerName
allowedAttributesEffective: replicationSignature
allowedAttributesEffective: msDS-AllowedToDelegateTo
allowedAttributesEffective: msIIS-FTPDir
allowedAttributesEffective: msIIS-FTPRoot
allowedAttributesEffective: msExchALObjectVersion
allowedAttributesEffective: msExchADCGlobalNames
allowedAttributesEffective: msExchUseOAB
allowedAttributesEffective: msExchHideFromAddressLists
allowedAttributesEffective: msExchMailboxSecurityDescriptor
allowedAttributesEffective: msExchMasterAccountSid
allowedAttributesEffective: lastLogonTimestamp
allowedAttributesEffective: msExchUnmergedAttsPt
allowedAttributesEffective: msExchPreviousAccountSid
allowedAttributesEffective: msDS-Site-Affinity
allowedAttributesEffective: msDS-Cached-Membership-Time-Stamp
allowedAttributesEffective: msDS-Cached-Membership
allowedAttributesEffective: msCOM-UserPartitionSetLink
allowedAttributesEffective: msExchInconsistentState
allowedAttributesEffective: msExchUserAccountControl
allowedAttributesEffective: msExchIMACL
allowedAttributesEffective: mS-DS-CreatorSID
allowedAttributesEffective: msExchIMMetaPhysicalURL
allowedAttributesEffective: mS-DS-ConsistencyChildCount
allowedAttributesEffective: mS-DS-ConsistencyGuid
allowedAttributesEffective: otherWellKnownObjects
allowedAttributesEffective: dSCorePropagationData
allowedAttributesEffective: accountNameHistory
allowedAttributesEffective: msExchIMPhysicalURL
allowedAttributesEffective: msExchIMVirtualServer
allowedAttributesEffective: msExchIMAddress
allowedAttributesEffective: proxiedObjectName
allowedAttributesEffective: msRASSavedFramedRoute
allowedAttributesEffective: msRASSavedFramedIPAddress
allowedAttributesEffective: msRASSavedCallbackNumber
allowedAttributesEffective: msRADIUSServiceType
allowedAttributesEffective: msRADIUSFramedRoute
allowedAttributesEffective: msRADIUSFramedIPAddress
allowedAttributesEffective: msRADIUSCallbackNumber
allowedAttributesEffective: msNPSavedCallingStationID
allowedAttributesEffective: msNPCallingStationID
allowedAttributesEffective: msNPAllowDialin
allowedAttributesEffective: mSMQSignCertificatesMig
allowedAttributesEffective: mSMQDigestsMig
allowedAttributesEffective: mSMQDigests
allowedAttributesEffective: mSMQSignCertificates
allowedAttributesEffective: msExchResourceGUID
allowedAttributesEffective: msExchResourceProperties
allowedAttributesEffective: msExchControllingZone
allowedAttributesEffective: msExchFBURL
allowedAttributesEffective: mDBOverHardQuotaLimit
allowedAttributesEffective: msExchMailboxGuid
allowedAttributesEffective: msExchMailboxFolderSet
allowedAttributesEffective: uSNSource
allowedAttributesEffective: terminalServer
allowedAttributesEffective: msExchRecipLimit
allowedAttributesEffective: dLMemDefault
allowedAttributesEffective: isCriticalSystemObject
allowedAttributesEffective: altSecurityIdentities
allowedAttributesEffective: msExchQueryBaseDN
allowedAttributesEffective: msExchPolicyOptionList
allowedAttributesEffective: lastKnownParent
allowedAttributesEffective: aCSPolicyName
allowedAttributesEffective: servicePrincipalName
allowedAttributesEffective: userSharedFolderOther
allowedAttributesEffective: userSharedFolder
allowedAttributesEffective: url
allowedAttributesEffective: otherIpPhone
allowedAttributesEffective: ipPhone
allowedAttributesEffective: partialAttributeDeletionList
allowedAttributesEffective: lockoutTime
allowedAttributesEffective: userPrincipalName
allowedAttributesEffective: legacyExchangeDN
allowedAttributesEffective: msExchPolicyEnabled
allowedAttributesEffective: assistant
allowedAttributesEffective: otherMailbox
allowedAttributesEffective: mhsORAddress
allowedAttributesEffective: primaryInternationalISDNNumber
allowedAttributesEffective: primaryTelexNumber
allowedAttributesEffective: otherMobile
allowedAttributesEffective: otherFacsimileTelephoneNumber
allowedAttributesEffective: userCert
allowedAttributesEffective: showInAddressBook
allowedAttributesEffective: partialAttributeSet
allowedAttributesEffective: msExchProxyCustomProxy
allowedAttributesEffective: wellKnownObjects
allowedAttributesEffective: sIDHistory
allowedAttributesEffective: msExchCustomProxyAddresses
allowedAttributesEffective: dynamicLDAPServer
allowedAttributesEffective: msExchPoliciesIncluded
allowedAttributesEffective: msExchPoliciesExcluded
allowedAttributesEffective: msExchMailboxUrl
allowedAttributesEffective: systemFlags
allowedAttributesEffective: fSMORoleOwner
allowedAttributesEffective: desktopProfile
allowedAttributesEffective: groupPriority
allowedAttributesEffective: groupsToIgnore
allowedAttributesEffective: sAMAccountType
allowedAttributesEffective: wbemPath
allowedAttributesEffective: division
allowedAttributesEffective: defaultClassStore
allowedAttributesEffective: controlAccessRights
allowedAttributesEffective: logonCount
allowedAttributesEffective: groupMembershipSAM
allowedAttributesEffective: lmPwdHistory
allowedAttributesEffective: accountExpires
allowedAttributesEffective: comment
allowedAttributesEffective: rid
allowedAttributesEffective: adminCount
allowedAttributesEffective: revision
allowedAttributesEffective: operatorCount
allowedAttributesEffective: versionNumber
allowedAttributesEffective: profilePath
allowedAttributesEffective: userParameters
allowedAttributesEffective: supplementalCredentials
allowedAttributesEffective: securityIdentifier
allowedAttributesEffective: primaryGroupID
allowedAttributesEffective: preferredOU
allowedAttributesEffective: pwdLastSet
allowedAttributesEffective: ntPwdHistory
allowedAttributesEffective: otherLoginWorkstations
allowedAttributesEffective: unicodePwd
allowedAttributesEffective: userWorkstations
allowedAttributesEffective: maxStorage
allowedAttributesEffective: logonWorkstation
allowedAttributesEffective: logonHours
allowedAttributesEffective: scriptPath
allowedAttributesEffective: localeID
allowedAttributesEffective: dBCSPwd
allowedAttributesEffective: lastLogon
allowedAttributesEffective: lastLogoff
allowedAttributesEffective: badPasswordTime
allowedAttributesEffective: homeDrive
allowedAttributesEffective: homeDirectory
allowedAttributesEffective: flags
allowedAttributesEffective: employeeID
allowedAttributesEffective: countryCode
allowedAttributesEffective: codePage
allowedAttributesEffective: badPwdCount
allowedAttributesEffective: userAccountControl
allowedAttributesEffective: replUpToDateVector
allowedAttributesEffective: replPropertyMetaData
allowedAttributesEffective: objectGUID
allowedAttributesEffective: name
allowedAttributesEffective: homePostalAddress
allowedAttributesEffective: language
allowedAttributesEffective: personalTitle
allowedAttributesEffective: employeeType
allowedAttributesEffective: personalPager
allowedAttributesEffective: employeeNumber
allowedAttributesEffective: formData
allowedAttributesEffective: forwardingAddress
allowedAttributesEffective: replicatedObjectVersion
allowedAttributesEffective: extensionAttribute15
allowedAttributesEffective: extensionAttribute14
allowedAttributesEffective: extensionAttribute13
allowedAttributesEffective: extensionAttribute12
allowedAttributesEffective: extensionAttribute11
allowedAttributesEffective: supportedAlgorithms
allowedAttributesEffective: msExchHouseIdentifier
allowedAttributesEffective: msExchLabeledURI
allowedAttributesEffective: attributeCertificate
allowedAttributesEffective: internetEncoding
allowedAttributesEffective: protocolSettings
allowedAttributesEffective: dnQualifier
allowedAttributesEffective: enabledProtocols
allowedAttributesEffective: USNIntersite
allowedAttributesEffective: pOPCharacterSet
allowedAttributesEffective: languageCode
allowedAttributesEffective: pOPContentFormat
allowedAttributesEffective: wWWHomePage
allowedAttributesEffective: networkAddress
allowedAttributesEffective: heuristics
allowedAttributesEffective: mailNickname
allowedAttributesEffective: msExchAssistantName
allowedAttributesEffective: kMServer
allowedAttributesEffective: msExchPfRootUrl
allowedAttributesEffective: extensionAttribute10
allowedAttributesEffective: extensionAttribute9
allowedAttributesEffective: extensionAttribute8
allowedAttributesEffective: extensionAttribute7
allowedAttributesEffective: extensionAttribute6
allowedAttributesEffective: extensionAttribute5
allowedAttributesEffective: extensionAttribute4
allowedAttributesEffective: extensionAttribute3
allowedAttributesEffective: extensionAttribute2
allowedAttributesEffective: extensionAttribute1
allowedAttributesEffective: expirationTime
allowedAttributesEffective: mAPIRecipient
allowedAttributesEffective: displayNamePrintable
allowedAttributesEffective: targetAddress
allowedAttributesEffective: folderPathname
allowedAttributesEffective: mDBUseDefaults
allowedAttributesEffective: garbageCollPeriod
allowedAttributesEffective: msExchIMAPOWAURLPrefixOverride
allowedAttributesEffective: msExchOriginatingForest
allowedAttributesEffective: msExchVoiceMailboxID
allowedAttributesEffective: msExchTUIPassword
allowedAttributesEffective: msExchTUIVolume
allowedAttributesEffective: msExchTUISpeed
allowedAttributesEffective: autoReplyMessage
allowedAttributesEffective: autoReply
allowedAttributesEffective: submissionContLength
allowedAttributesEffective: otherHomePhone
allowedAttributesEffective: mDBOverQuotaLimit
allowedAttributesEffective: uSNDSALastObjRemoved
allowedAttributesEffective: mDBStorageQuota
allowedAttributesEffective: importedFrom
allowedAttributesEffective: streetAddress
allowedAttributesEffective: homeMDB
allowedAttributesEffective: deliveryMechanism
allowedAttributesEffective: publicDelegates
allowedAttributesEffective: extensionData
allowedAttributesEffective: extensionName
allowedAttributesEffective: adminDescription
allowedAttributesEffective: replicationSensitivity
allowedAttributesEffective: unauthOrig
allowedAttributesEffective: proxyAddresses
allowedAttributesEffective: adminDisplayName
allowedAttributesEffective: deliverAndRedirect
allowedAttributesEffective: homeMTA
allowedAttributesEffective: showInAdvancedViewOnly
allowedAttributesEffective: company
allowedAttributesEffective: dLMemSubmitPerms
allowedAttributesEffective: department
allowedAttributesEffective: delivExtContTypes
allowedAttributesEffective: delivContLength
allowedAttributesEffective: co
allowedAttributesEffective: authOrig
allowedAttributesEffective: altRecipient
allowedAttributesEffective: uSNLastObjRem
allowedAttributesEffective: uSNChanged
allowedAttributesEffective: otherPager
allowedAttributesEffective: deletedItemFlags
allowedAttributesEffective: businessRoles
allowedAttributesEffective: msExchOmaAdminWirelessEnable
allowedAttributesEffective: msExchOmaAdminExtendedSettings
allowedAttributesEffective: repsFrom
allowedAttributesEffective: repsTo
allowedAttributesEffective: securityProtocol
allowedAttributesEffective: info
allowedAttributesEffective: telephoneAssistant
allowedAttributesEffective: objectVersion
allowedAttributesEffective: dSASignature
allowedAttributesEffective: isDeleted
allowedAttributesEffective: dLMemRejectPerms
allowedAttributesEffective: uSNCreated
allowedAttributesEffective: otherTelephone
allowedAttributesEffective: displayName
allowedAttributesEffective: subRefs
allowedAttributesEffective: whenChanged
allowedAttributesEffective: whenCreated
allowedAttributesEffective: attributeCertificateAttribute
allowedAttributesEffective: houseIdentifier
allowedAttributesEffective: distinguishedName
allowedAttributesEffective: x500uniqueIdentifier
allowedAttributesEffective: generationQualifier
allowedAttributesEffective: initials
allowedAttributesEffective: givenName
allowedAttributesEffective: userCertificate
allowedAttributesEffective: userPassword
allowedAttributesEffective: seeAlso
allowedAttributesEffective: preferredDeliveryMethod
allowedAttributesEffective: destinationIndicator
allowedAttributesEffective: registeredAddress
allowedAttributesEffective: internationalISDNNumber
allowedAttributesEffective: x121Address
allowedAttributesEffective: facsimileTelephoneNumber
allowedAttributesEffective: teletexTerminalIdentifier
allowedAttributesEffective: telexNumber
allowedAttributesEffective: telephoneNumber
allowedAttributesEffective: physicalDeliveryOfficeName
allowedAttributesEffective: postOfficeBox
allowedAttributesEffective: postalCode
allowedAttributesEffective: postalAddress
allowedAttributesEffective: businessCategory
allowedAttributesEffective: description
allowedAttributesEffective: title
allowedAttributesEffective: ou
allowedAttributesEffective: o
allowedAttributesEffective: street
allowedAttributesEffective: st
allowedAttributesEffective: l
allowedAttributesEffective: c
allowedAttributesEffective: serialNumber
allowedAttributesEffective: sn
allowedAttributesEffective: objectCategory
allowedAttributesEffective: sAMAccountName
allowedAttributesEffective: objectSid
allowedAttributesEffective: nTSecurityDescriptor
allowedAttributesEffective: instanceType
allowedAttributesEffective: cn
allowedAttributesEffective: objectClass

# Referral
ref: ldap://exchange.win2k3.abartlet.net/DC=exchange,DC=win2k3,DC=abartlet,DC=net

# Referral
ref: ldap://ForestDnsZones.win2k3.abartlet.net/DC=ForestDnsZones,DC=win2k3,DC=abartlet,DC=net

# Referral
ref: ldap://DomainDnsZones.win2k3.abartlet.net/DC=DomainDnsZones,DC=win2k3,DC=abartlet,DC=net

# Referral
ref: ldap://win2k3.abartlet.net/CN=Configuration,DC=win2k3,DC=abartlet,DC=net

# returned 5 records
# 1 entries
# 4 referrals

------------------------------------------------------------------------

--
Fedora-directory-devel mailing list
Fedora-directory-devel@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-devel
Attachment:
smime.p7s

Description: S/MIME Cryptographic Signature
--
Fedora-directory-devel mailing list
Fedora-directory-devel@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-devel