Operational attributes
There are several attributes that have special meaning to the Directory
Server known as operational attributes. These are attributes that are maintained
by the server and either reflect information the server manages about an entry
or affect server operation. These attributes have special characteristics:
- The attributes are not returned by a search operation unless they are
specifically requested (by name) in the search request
- The attributes are not part of any object class. The server controls
what entries have the attributes.
The following sets of operational attributes are some of the operational
attributes supported by the Directory Server:
creatorsName, createTimestamp, modifiersName, modifyTimestamp
are present on every entry. These attributes show the bind DN and time when
an entry was first created or last modified. You can use these attributes
in search filters, for example, to find all entries modified after a specified
time. These attributes cannot be modified by any user. These attributes are
replicated to consumer servers and are imported and exported in LDIF files.
- ibm-entryuuid. Present on every entry that is created while the server
is at V5R3 or later. This attribute is a universally unique string identifier
assigned to each entry by the server when the entry is created. It is useful
for applications that need to distinguish between identically named entries
on different servers. The attribute uses the DCE UUID algorithm to generate
an ID that is unique across all entries on all servers using a timestamp,
adapter address, and other information.
- entryowner, ownersource, ownerpropagate, aclentry, aclsource, aclpropagate,
ibm-filteracl, ibm-filteraclinherit, ibm-effectiveAcl. For more information,
see Access control lists.
- hasSubordinates. Present on every entry and has the value TRUE if the
entry has subordinates.
- numSubordinates. Present on every entry and contains the number of entries
which are children of this entry.
- pwdChangedTime, pwdAccountLockedTime, pwdExpirationWarned, pwdFailureTime,
pwdGraceUseTime, pwdReset, pwdHistory. For more information, see Password policy.
- subschemasubentry - Present on every entry and identifies the location
of the schema for that part of the tree. This is useful for servers with multiple
schemas if you want to find the schema that you can use in that part of the
tree.
For a complete list of operational attributes, use the following extended
operation: ldapexop -op getattributes -attrType operational -matches
true.