To add to Quanah's right statement: Generally operational attributes are those attributes that are managed by the server and not by the clients, e.g. modifyTimeStamp etc. Since the server manages memberOf on the fly (based on the client managed member attribute in group objects) it is IMO rightly marked as operational.
Cheers, Peter Am 03.09.20 um 17:16 schrieb Quanah Gibson-Mount: > > > --On Thursday, September 3, 2020 9:26 AM +0200 Ulrich Windl > <[email protected]> wrote: > >> I thought operational attributes are mainly for "internal management >> purposes". Are there any rules what makes an attribute operational? > > Depends on the attribute. Most are defined such via RFC. In the case > of memberOf, there is no RFC, so we match how Microsoft has set the > attribute, since they originated it. They marked it operational. > > Regards, > Quanah > > > -- > > Quanah Gibson-Mount > Product Architect > Symas Corporation > Packaged, certified, and supported LDAP solutions powered by OpenLDAP: > <http://www.symas.com> -- Peter Gietz, CEO DAASI International GmbH Europaplatz 3 D-72072 Tübingen Germany phone: +49 7071 407109-0 fax: +49 7071 407109-9 email: [email protected] web: www.daasi.de Sitz der Gesellschaft: Tübingen Registergericht: Amtsgericht Stuttgart, HRB 382175 Geschäftsleitung: Peter Gietz
