[Fedora-directory-devel] Attribute to determine allowed write attributes?
Richard Megginson
rmeggins at redhat.com
Thu Nov 2 01:54:36 UTC 2006
Andrew Bartlett wrote:
> On Wed, 2006-11-01 at 07:05 -0700, Richard Megginson wrote:
>
>> Andrew Bartlett wrote:
>>
>>> On Tue, 2006-10-31 at 21:05 -0700, David Boreham wrote:
>>>
>>>
>>>> Andrew Bartlett wrote:
>>>>
>>>>
>>>>
>>>>> Does anybody have any pointers to an existing feature request like this,
>>>>> or should I file one in Bugzilla?
>>>>>
>>>>>
>>>>>
>>>>>
>>>> This is what is implemented :
>>>>
>>>> http://www.redhat.com/docs/manuals/dir-server/ag/7.1/acl.html#1216899
>>>>
>>>>
>>> That has:
>>>
>>>
>>>
>>>> Information is not given for attributes in an entry that do not have a
>>>> value; for example, if the userPassword value is removed, then a
>>>> future effective rights search on the entry above would not return any
>>>> effective rights for userPassword, even though self-write and
>>>> self-delete rights could be allowed. Likewise, if the street attribute
>>>> were added with read, compare, and search rights, then street: rsc
>>>> would appear in the attributeLevelRights results.
>>>>
>>>>
>>> I need information on unknown attributes, so that MMC can show them as
>>> valid, writable fields (not greyed out). My preferred format is a list
>>> of writable fields, as permitted by the current schema for that entry.
>>>
>>>
>> This could be useful in any general purpose GUI app, to have the ability
>> to perform one query and get back a list of
>> 1) regular attributes available according to the schema
>> 2) operational attributes - writable vs. read-only
>> 3) virtual attributes - writable vs. read-only
>>
>> I would like to support the openldap "+" special attribute which
>> retrieves all operational attributes, and I would also like to support
>> the Sun DS real and virtual attrs controls.
>>
>> Andrew, I think it would be beneficial to me if you could post an
>> example ldapsearch and an example return entry in LDIF.
>>
>
> Using Samba's ldbsearch:
>
> bin/ldbsearch -H ldap://win2k3dc.win2k3.abartlet.net cn=administrator
> allowedAttributes allowedAttributesEffective allowedClasses
> AllowedClassesEffective -Uadministrator%penguin
>
What do allowedAttributes and allowedAttributesEffective mean? Are they
the writable attributes as allowed by schema and access control? What
does the "Effective" mean?
What are allowedClasses and AllowedClassesEffective?
> (see attached).
>
> Andrew Bartlett
>
>
> ------------------------------------------------------------------------
>
> Unknown parameter encountered: "tls enable"
> Ignoring unknown parameter "tls enable"
> # record 1
> dn: CN=Administrator,CN=Users,DC=win2k3,DC=abartlet,DC=net
> allowedAttributes: msExchOmaAdminExtendedSettings
> allowedAttributes: msExchOmaAdminWirelessEnable
> allowedAttributes: msExchTUISpeed
> allowedAttributes: msExchTUIVolume
> allowedAttributes: msExchTUIPassword
> allowedAttributes: msExchVoiceMailboxID
> allowedAttributes: msExchOriginatingForest
> allowedAttributes: msExchIMAPOWAURLPrefixOverride
> allowedAttributes: msExchPfRootUrl
> allowedAttributes: msExchMailboxUrl
> allowedAttributes: msExchPoliciesExcluded
> allowedAttributes: msExchPoliciesIncluded
> allowedAttributes: msExchCustomProxyAddresses
> allowedAttributes: msExchProxyCustomProxy
> allowedAttributes: msExchPolicyEnabled
> allowedAttributes: msExchPolicyOptionList
> allowedAttributes: msExchQueryBaseDN
> allowedAttributes: dLMemDefault
> allowedAttributes: msExchRecipLimit
> allowedAttributes: msExchMailboxFolderSet
> allowedAttributes: msExchMailboxGuid
> allowedAttributes: mDBOverHardQuotaLimit
> allowedAttributes: msExchFBURL
> allowedAttributes: msExchConferenceMailboxBL
> allowedAttributes: msExchControllingZone
> allowedAttributes: msExchResourceProperties
> allowedAttributes: msExchResourceGUID
> allowedAttributes: msExchIMAddress
> allowedAttributes: msExchIMVirtualServer
> allowedAttributes: msExchIMPhysicalURL
> allowedAttributes: msExchIMMetaPhysicalURL
> allowedAttributes: msExchIMACL
> allowedAttributes: msExchUserAccountControl
> allowedAttributes: msExchInconsistentState
> allowedAttributes: msExchPreviousAccountSid
> allowedAttributes: msExchUnmergedAttsPt
> allowedAttributes: msExchMasterAccountSid
> allowedAttributes: msExchMailboxSecurityDescriptor
> allowedAttributes: msExchHideFromAddressLists
> allowedAttributes: msExchUseOAB
> allowedAttributes: msExchADCGlobalNames
> allowedAttributes: msExchALObjectVersion
> allowedAttributes: replicationSignature
> allowedAttributes: msExchExpansionServerName
> allowedAttributes: unmergedAtts
> allowedAttributes: msExchHomeServerName
> allowedAttributes: labeledURI
> allowedAttributes: subSchemaSubEntry
> allowedAttributes: modifyTimeStamp
> allowedAttributes: createTimeStamp
> allowedAttributes: structuralObjectClass
> allowedAttributes: userPKCS12
> allowedAttributes: preferredLanguage
> allowedAttributes: thumbnailLogo
> allowedAttributes: thumbnailPhoto
> allowedAttributes: middleName
> allowedAttributes: departmentNumber
> allowedAttributes: carLicense
> allowedAttributes: jpegPhoto
> allowedAttributes: audio
> allowedAttributes: pager
> allowedAttributes: mobile
> allowedAttributes: secretary
> allowedAttributes: homePhone
> allowedAttributes: manager
> allowedAttributes: photo
> allowedAttributes: roomNumber
> allowedAttributes: mail
> allowedAttributes: textEncodedORAddress
> allowedAttributes: uid
> allowedAttributes: userSMIMECertificate
> allowedAttributes: msExchRequireAuthToSendTo
> allowedAttributes: msDRM-IdentityCertificate
> allowedAttributes: msDS-ObjectReferenceBL
> allowedAttributes: msDs-masteredBy
> allowedAttributes: msDS-TasksForAzRoleBL
> allowedAttributes: msDS-OperationsForAzRoleBL
> allowedAttributes: msDS-TasksForAzTaskBL
> allowedAttributes: msDS-OperationsForAzTaskBL
> allowedAttributes: msDS-MembersForAzRoleBL
> allowedAttributes: msDS-NonMembersBL
> allowedAttributes: msDS-AllowedToDelegateTo
> allowedAttributes: msIIS-FTPDir
> allowedAttributes: msIIS-FTPRoot
> allowedAttributes: msDS-KeyVersionNumber
> allowedAttributes: msDS-ReplValueMetaData
> allowedAttributes: msDS-ReplAttributeMetaData
> allowedAttributes: msDS-NCReplOutboundNeighbors
> allowedAttributes: msDS-NCReplInboundNeighbors
> allowedAttributes: msDS-NCReplCursors
> allowedAttributes: lastLogonTimestamp
> allowedAttributes: msDS-Approx-Immed-Subordinates
> allowedAttributes: msDS-User-Account-Control-Computed
> allowedAttributes: msDS-Site-Affinity
> allowedAttributes: msDS-Cached-Membership-Time-Stamp
> allowedAttributes: msDS-Cached-Membership
> allowedAttributes: msCOM-UserPartitionSetLink
> allowedAttributes: msCOM-UserLink
> allowedAttributes: msCOM-PartitionSetLink
> allowedAttributes: tokenGroupsGlobalAndUniversal
> allowedAttributes: mS-DS-CreatorSID
> allowedAttributes: masteredBy
> allowedAttributes: mS-DS-ConsistencyChildCount
> allowedAttributes: mS-DS-ConsistencyGuid
> allowedAttributes: otherWellKnownObjects
> allowedAttributes: dSCorePropagationData
> allowedAttributes: accountNameHistory
> allowedAttributes: sDRightsEffective
> allowedAttributes: tokenGroupsNoGCAcceptable
> allowedAttributes: tokenGroups
> allowedAttributes: proxiedObjectName
> allowedAttributes: msRASSavedFramedRoute
> allowedAttributes: msRASSavedFramedIPAddress
> allowedAttributes: msRASSavedCallbackNumber
> allowedAttributes: msRADIUSServiceType
> allowedAttributes: msRADIUSFramedRoute
> allowedAttributes: msRADIUSFramedIPAddress
> allowedAttributes: msRADIUSCallbackNumber
> allowedAttributes: msNPSavedCallingStationID
> allowedAttributes: msNPCallingStationID
> allowedAttributes: msNPAllowDialin
> allowedAttributes: mSMQSignCertificatesMig
> allowedAttributes: mSMQDigestsMig
> allowedAttributes: mSMQDigests
> allowedAttributes: mSMQSignCertificates
> allowedAttributes: canonicalName
> allowedAttributes: possibleInferiors
> allowedAttributes: allowedAttributesEffective
> allowedAttributes: allowedAttributes
> allowedAttributes: allowedChildClassesEffective
> allowedAttributes: allowedChildClasses
> allowedAttributes: fromEntry
> allowedAttributes: uSNSource
> allowedAttributes: terminalServer
> allowedAttributes: fRSMemberReferenceBL
> allowedAttributes: frsComputerReferenceBL
> allowedAttributes: isCriticalSystemObject
> allowedAttributes: altSecurityIdentities
> allowedAttributes: netbootSCPBL
> allowedAttributes: bridgeheadServerListBL
> allowedAttributes: lastKnownParent
> allowedAttributes: aCSPolicyName
> allowedAttributes: servicePrincipalName
> allowedAttributes: userSharedFolderOther
> allowedAttributes: userSharedFolder
> allowedAttributes: url
> allowedAttributes: otherIpPhone
> allowedAttributes: ipPhone
> allowedAttributes: partialAttributeDeletionList
> allowedAttributes: lockoutTime
> allowedAttributes: userPrincipalName
> allowedAttributes: legacyExchangeDN
> allowedAttributes: managedObjects
> allowedAttributes: assistant
> allowedAttributes: otherMailbox
> allowedAttributes: mhsORAddress
> allowedAttributes: primaryInternationalISDNNumber
> allowedAttributes: primaryTelexNumber
> allowedAttributes: otherMobile
> allowedAttributes: otherFacsimileTelephoneNumber
> allowedAttributes: userCert
> allowedAttributes: showInAddressBook
> allowedAttributes: partialAttributeSet
> allowedAttributes: isPrivilegeHolder
> allowedAttributes: wellKnownObjects
> allowedAttributes: sIDHistory
> allowedAttributes: queryPolicyBL
> allowedAttributes: dynamicLDAPServer
> allowedAttributes: nonSecurityMemberBL
> allowedAttributes: serverReferenceBL
> allowedAttributes: siteObjectBL
> allowedAttributes: systemFlags
> allowedAttributes: fSMORoleOwner
> allowedAttributes: desktopProfile
> allowedAttributes: groupPriority
> allowedAttributes: groupsToIgnore
> allowedAttributes: sAMAccountType
> allowedAttributes: wbemPath
> allowedAttributes: division
> allowedAttributes: defaultClassStore
> allowedAttributes: controlAccessRights
> allowedAttributes: logonCount
> allowedAttributes: groupMembershipSAM
> allowedAttributes: lmPwdHistory
> allowedAttributes: accountExpires
> allowedAttributes: comment
> allowedAttributes: rid
> allowedAttributes: adminCount
> allowedAttributes: revision
> allowedAttributes: operatorCount
> allowedAttributes: versionNumber
> allowedAttributes: profilePath
> allowedAttributes: userParameters
> allowedAttributes: supplementalCredentials
> allowedAttributes: securityIdentifier
> allowedAttributes: primaryGroupID
> allowedAttributes: preferredOU
> allowedAttributes: pwdLastSet
> allowedAttributes: ntPwdHistory
> allowedAttributes: otherLoginWorkstations
> allowedAttributes: unicodePwd
> allowedAttributes: userWorkstations
> allowedAttributes: maxStorage
> allowedAttributes: logonWorkstation
> allowedAttributes: logonHours
> allowedAttributes: scriptPath
> allowedAttributes: localeID
> allowedAttributes: dBCSPwd
> allowedAttributes: lastLogon
> allowedAttributes: lastLogoff
> allowedAttributes: badPasswordTime
> allowedAttributes: homeDrive
> allowedAttributes: homeDirectory
> allowedAttributes: flags
> allowedAttributes: employeeID
> allowedAttributes: countryCode
> allowedAttributes: codePage
> allowedAttributes: badPwdCount
> allowedAttributes: userAccountControl
> allowedAttributes: replUpToDateVector
> allowedAttributes: replPropertyMetaData
> allowedAttributes: objectGUID
> allowedAttributes: name
> allowedAttributes: homePostalAddress
> allowedAttributes: language
> allowedAttributes: personalTitle
> allowedAttributes: employeeType
> allowedAttributes: personalPager
> allowedAttributes: employeeNumber
> allowedAttributes: formData
> allowedAttributes: forwardingAddress
> allowedAttributes: replicatedObjectVersion
> allowedAttributes: extensionAttribute15
> allowedAttributes: extensionAttribute14
> allowedAttributes: extensionAttribute13
> allowedAttributes: extensionAttribute12
> allowedAttributes: extensionAttribute11
> allowedAttributes: supportedAlgorithms
> allowedAttributes: msExchHouseIdentifier
> allowedAttributes: msExchLabeledURI
> allowedAttributes: attributeCertificate
> allowedAttributes: internetEncoding
> allowedAttributes: protocolSettings
> allowedAttributes: dnQualifier
> allowedAttributes: enabledProtocols
> allowedAttributes: USNIntersite
> allowedAttributes: pOPCharacterSet
> allowedAttributes: languageCode
> allowedAttributes: pOPContentFormat
> allowedAttributes: wWWHomePage
> allowedAttributes: networkAddress
> allowedAttributes: heuristics
> allowedAttributes: mailNickname
> allowedAttributes: msExchAssistantName
> allowedAttributes: kMServer
> allowedAttributes: directReports
> allowedAttributes: extensionAttribute10
> allowedAttributes: extensionAttribute9
> allowedAttributes: extensionAttribute8
> allowedAttributes: extensionAttribute7
> allowedAttributes: extensionAttribute6
> allowedAttributes: extensionAttribute5
> allowedAttributes: extensionAttribute4
> allowedAttributes: extensionAttribute3
> allowedAttributes: extensionAttribute2
> allowedAttributes: extensionAttribute1
> allowedAttributes: expirationTime
> allowedAttributes: mAPIRecipient
> allowedAttributes: displayNamePrintable
> allowedAttributes: targetAddress
> allowedAttributes: folderPathname
> allowedAttributes: mDBUseDefaults
> allowedAttributes: garbageCollPeriod
> allowedAttributes: publicDelegatesBL
> allowedAttributes: altRecipientBL
> allowedAttributes: dLMemRejectPermsBL
> allowedAttributes: unauthOrigBL
> allowedAttributes: dLMemSubmitPermsBL
> allowedAttributes: authOrigBL
> allowedAttributes: autoReplyMessage
> allowedAttributes: autoReply
> allowedAttributes: submissionContLength
> allowedAttributes: otherHomePhone
> allowedAttributes: mDBOverQuotaLimit
> allowedAttributes: uSNDSALastObjRemoved
> allowedAttributes: mDBStorageQuota
> allowedAttributes: importedFrom
> allowedAttributes: streetAddress
> allowedAttributes: homeMDB
> allowedAttributes: deliveryMechanism
> allowedAttributes: publicDelegates
> allowedAttributes: extensionData
> allowedAttributes: extensionName
> allowedAttributes: adminDescription
> allowedAttributes: replicationSensitivity
> allowedAttributes: unauthOrig
> allowedAttributes: proxyAddresses
> allowedAttributes: adminDisplayName
> allowedAttributes: deliverAndRedirect
> allowedAttributes: homeMTA
> allowedAttributes: showInAdvancedViewOnly
> allowedAttributes: company
> allowedAttributes: dLMemSubmitPerms
> allowedAttributes: department
> allowedAttributes: delivExtContTypes
> allowedAttributes: delivContLength
> allowedAttributes: co
> allowedAttributes: authOrig
> allowedAttributes: altRecipient
> allowedAttributes: uSNLastObjRem
> allowedAttributes: uSNChanged
> allowedAttributes: otherPager
> allowedAttributes: deletedItemFlags
> allowedAttributes: businessRoles
> allowedAttributes: ownerBL
> allowedAttributes: memberOf
> allowedAttributes: repsFrom
> allowedAttributes: repsTo
> allowedAttributes: securityProtocol
> allowedAttributes: info
> allowedAttributes: telephoneAssistant
> allowedAttributes: objectVersion
> allowedAttributes: dSASignature
> allowedAttributes: isDeleted
> allowedAttributes: dLMemRejectPerms
> allowedAttributes: uSNCreated
> allowedAttributes: otherTelephone
> allowedAttributes: displayName
> allowedAttributes: subRefs
> allowedAttributes: whenChanged
> allowedAttributes: whenCreated
> allowedAttributes: attributeCertificateAttribute
> allowedAttributes: houseIdentifier
> allowedAttributes: distinguishedName
> allowedAttributes: x500uniqueIdentifier
> allowedAttributes: generationQualifier
> allowedAttributes: initials
> allowedAttributes: givenName
> allowedAttributes: userCertificate
> allowedAttributes: userPassword
> allowedAttributes: seeAlso
> allowedAttributes: preferredDeliveryMethod
> allowedAttributes: destinationIndicator
> allowedAttributes: registeredAddress
> allowedAttributes: internationalISDNNumber
> allowedAttributes: x121Address
> allowedAttributes: facsimileTelephoneNumber
> allowedAttributes: teletexTerminalIdentifier
> allowedAttributes: telexNumber
> allowedAttributes: telephoneNumber
> allowedAttributes: physicalDeliveryOfficeName
> allowedAttributes: postOfficeBox
> allowedAttributes: postalCode
> allowedAttributes: postalAddress
> allowedAttributes: businessCategory
> allowedAttributes: description
> allowedAttributes: title
> allowedAttributes: ou
> allowedAttributes: o
> allowedAttributes: street
> allowedAttributes: st
> allowedAttributes: l
> allowedAttributes: c
> allowedAttributes: serialNumber
> allowedAttributes: sn
> allowedAttributes: objectCategory
> allowedAttributes: sAMAccountName
> allowedAttributes: objectSid
> allowedAttributes: nTSecurityDescriptor
> allowedAttributes: instanceType
> allowedAttributes: cn
> allowedAttributes: objectClass
> allowedAttributesEffective: thumbnailPhoto
> allowedAttributesEffective: middleName
> allowedAttributesEffective: departmentNumber
> allowedAttributesEffective: carLicense
> allowedAttributesEffective: jpegPhoto
> allowedAttributesEffective: audio
> allowedAttributesEffective: pager
> allowedAttributesEffective: mobile
> allowedAttributesEffective: secretary
> allowedAttributesEffective: homePhone
> allowedAttributesEffective: manager
> allowedAttributesEffective: photo
> allowedAttributesEffective: roomNumber
> allowedAttributesEffective: mail
> allowedAttributesEffective: textEncodedORAddress
> allowedAttributesEffective: uid
> allowedAttributesEffective: userSMIMECertificate
> allowedAttributesEffective: msExchRequireAuthToSendTo
> allowedAttributesEffective: msDRM-IdentityCertificate
> allowedAttributesEffective: thumbnailLogo
> allowedAttributesEffective: preferredLanguage
> allowedAttributesEffective: userPKCS12
> allowedAttributesEffective: labeledURI
> allowedAttributesEffective: msExchHomeServerName
> allowedAttributesEffective: unmergedAtts
> allowedAttributesEffective: msExchExpansionServerName
> allowedAttributesEffective: replicationSignature
> allowedAttributesEffective: msDS-AllowedToDelegateTo
> allowedAttributesEffective: msIIS-FTPDir
> allowedAttributesEffective: msIIS-FTPRoot
> allowedAttributesEffective: msExchALObjectVersion
> allowedAttributesEffective: msExchADCGlobalNames
> allowedAttributesEffective: msExchUseOAB
> allowedAttributesEffective: msExchHideFromAddressLists
> allowedAttributesEffective: msExchMailboxSecurityDescriptor
> allowedAttributesEffective: msExchMasterAccountSid
> allowedAttributesEffective: lastLogonTimestamp
> allowedAttributesEffective: msExchUnmergedAttsPt
> allowedAttributesEffective: msExchPreviousAccountSid
> allowedAttributesEffective: msDS-Site-Affinity
> allowedAttributesEffective: msDS-Cached-Membership-Time-Stamp
> allowedAttributesEffective: msDS-Cached-Membership
> allowedAttributesEffective: msCOM-UserPartitionSetLink
> allowedAttributesEffective: msExchInconsistentState
> allowedAttributesEffective: msExchUserAccountControl
> allowedAttributesEffective: msExchIMACL
> allowedAttributesEffective: mS-DS-CreatorSID
> allowedAttributesEffective: msExchIMMetaPhysicalURL
> allowedAttributesEffective: mS-DS-ConsistencyChildCount
> allowedAttributesEffective: mS-DS-ConsistencyGuid
> allowedAttributesEffective: otherWellKnownObjects
> allowedAttributesEffective: dSCorePropagationData
> allowedAttributesEffective: accountNameHistory
> allowedAttributesEffective: msExchIMPhysicalURL
> allowedAttributesEffective: msExchIMVirtualServer
> allowedAttributesEffective: msExchIMAddress
> allowedAttributesEffective: proxiedObjectName
> allowedAttributesEffective: msRASSavedFramedRoute
> allowedAttributesEffective: msRASSavedFramedIPAddress
> allowedAttributesEffective: msRASSavedCallbackNumber
> allowedAttributesEffective: msRADIUSServiceType
> allowedAttributesEffective: msRADIUSFramedRoute
> allowedAttributesEffective: msRADIUSFramedIPAddress
> allowedAttributesEffective: msRADIUSCallbackNumber
> allowedAttributesEffective: msNPSavedCallingStationID
> allowedAttributesEffective: msNPCallingStationID
> allowedAttributesEffective: msNPAllowDialin
> allowedAttributesEffective: mSMQSignCertificatesMig
> allowedAttributesEffective: mSMQDigestsMig
> allowedAttributesEffective: mSMQDigests
> allowedAttributesEffective: mSMQSignCertificates
> allowedAttributesEffective: msExchResourceGUID
> allowedAttributesEffective: msExchResourceProperties
> allowedAttributesEffective: msExchControllingZone
> allowedAttributesEffective: msExchFBURL
> allowedAttributesEffective: mDBOverHardQuotaLimit
> allowedAttributesEffective: msExchMailboxGuid
> allowedAttributesEffective: msExchMailboxFolderSet
> allowedAttributesEffective: uSNSource
> allowedAttributesEffective: terminalServer
> allowedAttributesEffective: msExchRecipLimit
> allowedAttributesEffective: dLMemDefault
> allowedAttributesEffective: isCriticalSystemObject
> allowedAttributesEffective: altSecurityIdentities
> allowedAttributesEffective: msExchQueryBaseDN
> allowedAttributesEffective: msExchPolicyOptionList
> allowedAttributesEffective: lastKnownParent
> allowedAttributesEffective: aCSPolicyName
> allowedAttributesEffective: servicePrincipalName
> allowedAttributesEffective: userSharedFolderOther
> allowedAttributesEffective: userSharedFolder
> allowedAttributesEffective: url
> allowedAttributesEffective: otherIpPhone
> allowedAttributesEffective: ipPhone
> allowedAttributesEffective: partialAttributeDeletionList
> allowedAttributesEffective: lockoutTime
> allowedAttributesEffective: userPrincipalName
> allowedAttributesEffective: legacyExchangeDN
> allowedAttributesEffective: msExchPolicyEnabled
> allowedAttributesEffective: assistant
> allowedAttributesEffective: otherMailbox
> allowedAttributesEffective: mhsORAddress
> allowedAttributesEffective: primaryInternationalISDNNumber
> allowedAttributesEffective: primaryTelexNumber
> allowedAttributesEffective: otherMobile
> allowedAttributesEffective: otherFacsimileTelephoneNumber
> allowedAttributesEffective: userCert
> allowedAttributesEffective: showInAddressBook
> allowedAttributesEffective: partialAttributeSet
> allowedAttributesEffective: msExchProxyCustomProxy
> allowedAttributesEffective: wellKnownObjects
> allowedAttributesEffective: sIDHistory
> allowedAttributesEffective: msExchCustomProxyAddresses
> allowedAttributesEffective: dynamicLDAPServer
> allowedAttributesEffective: msExchPoliciesIncluded
> allowedAttributesEffective: msExchPoliciesExcluded
> allowedAttributesEffective: msExchMailboxUrl
> allowedAttributesEffective: systemFlags
> allowedAttributesEffective: fSMORoleOwner
> allowedAttributesEffective: desktopProfile
> allowedAttributesEffective: groupPriority
> allowedAttributesEffective: groupsToIgnore
> allowedAttributesEffective: sAMAccountType
> allowedAttributesEffective: wbemPath
> allowedAttributesEffective: division
> allowedAttributesEffective: defaultClassStore
> allowedAttributesEffective: controlAccessRights
> allowedAttributesEffective: logonCount
> allowedAttributesEffective: groupMembershipSAM
> allowedAttributesEffective: lmPwdHistory
> allowedAttributesEffective: accountExpires
> allowedAttributesEffective: comment
> allowedAttributesEffective: rid
> allowedAttributesEffective: adminCount
> allowedAttributesEffective: revision
> allowedAttributesEffective: operatorCount
> allowedAttributesEffective: versionNumber
> allowedAttributesEffective: profilePath
> allowedAttributesEffective: userParameters
> allowedAttributesEffective: supplementalCredentials
> allowedAttributesEffective: securityIdentifier
> allowedAttributesEffective: primaryGroupID
> allowedAttributesEffective: preferredOU
> allowedAttributesEffective: pwdLastSet
> allowedAttributesEffective: ntPwdHistory
> allowedAttributesEffective: otherLoginWorkstations
> allowedAttributesEffective: unicodePwd
> allowedAttributesEffective: userWorkstations
> allowedAttributesEffective: maxStorage
> allowedAttributesEffective: logonWorkstation
> allowedAttributesEffective: logonHours
> allowedAttributesEffective: scriptPath
> allowedAttributesEffective: localeID
> allowedAttributesEffective: dBCSPwd
> allowedAttributesEffective: lastLogon
> allowedAttributesEffective: lastLogoff
> allowedAttributesEffective: badPasswordTime
> allowedAttributesEffective: homeDrive
> allowedAttributesEffective: homeDirectory
> allowedAttributesEffective: flags
> allowedAttributesEffective: employeeID
> allowedAttributesEffective: countryCode
> allowedAttributesEffective: codePage
> allowedAttributesEffective: badPwdCount
> allowedAttributesEffective: userAccountControl
> allowedAttributesEffective: replUpToDateVector
> allowedAttributesEffective: replPropertyMetaData
> allowedAttributesEffective: objectGUID
> allowedAttributesEffective: name
> allowedAttributesEffective: homePostalAddress
> allowedAttributesEffective: language
> allowedAttributesEffective: personalTitle
> allowedAttributesEffective: employeeType
> allowedAttributesEffective: personalPager
> allowedAttributesEffective: employeeNumber
> allowedAttributesEffective: formData
> allowedAttributesEffective: forwardingAddress
> allowedAttributesEffective: replicatedObjectVersion
> allowedAttributesEffective: extensionAttribute15
> allowedAttributesEffective: extensionAttribute14
> allowedAttributesEffective: extensionAttribute13
> allowedAttributesEffective: extensionAttribute12
> allowedAttributesEffective: extensionAttribute11
> allowedAttributesEffective: supportedAlgorithms
> allowedAttributesEffective: msExchHouseIdentifier
> allowedAttributesEffective: msExchLabeledURI
> allowedAttributesEffective: attributeCertificate
> allowedAttributesEffective: internetEncoding
> allowedAttributesEffective: protocolSettings
> allowedAttributesEffective: dnQualifier
> allowedAttributesEffective: enabledProtocols
> allowedAttributesEffective: USNIntersite
> allowedAttributesEffective: pOPCharacterSet
> allowedAttributesEffective: languageCode
> allowedAttributesEffective: pOPContentFormat
> allowedAttributesEffective: wWWHomePage
> allowedAttributesEffective: networkAddress
> allowedAttributesEffective: heuristics
> allowedAttributesEffective: mailNickname
> allowedAttributesEffective: msExchAssistantName
> allowedAttributesEffective: kMServer
> allowedAttributesEffective: msExchPfRootUrl
> allowedAttributesEffective: extensionAttribute10
> allowedAttributesEffective: extensionAttribute9
> allowedAttributesEffective: extensionAttribute8
> allowedAttributesEffective: extensionAttribute7
> allowedAttributesEffective: extensionAttribute6
> allowedAttributesEffective: extensionAttribute5
> allowedAttributesEffective: extensionAttribute4
> allowedAttributesEffective: extensionAttribute3
> allowedAttributesEffective: extensionAttribute2
> allowedAttributesEffective: extensionAttribute1
> allowedAttributesEffective: expirationTime
> allowedAttributesEffective: mAPIRecipient
> allowedAttributesEffective: displayNamePrintable
> allowedAttributesEffective: targetAddress
> allowedAttributesEffective: folderPathname
> allowedAttributesEffective: mDBUseDefaults
> allowedAttributesEffective: garbageCollPeriod
> allowedAttributesEffective: msExchIMAPOWAURLPrefixOverride
> allowedAttributesEffective: msExchOriginatingForest
> allowedAttributesEffective: msExchVoiceMailboxID
> allowedAttributesEffective: msExchTUIPassword
> allowedAttributesEffective: msExchTUIVolume
> allowedAttributesEffective: msExchTUISpeed
> allowedAttributesEffective: autoReplyMessage
> allowedAttributesEffective: autoReply
> allowedAttributesEffective: submissionContLength
> allowedAttributesEffective: otherHomePhone
> allowedAttributesEffective: mDBOverQuotaLimit
> allowedAttributesEffective: uSNDSALastObjRemoved
> allowedAttributesEffective: mDBStorageQuota
> allowedAttributesEffective: importedFrom
> allowedAttributesEffective: streetAddress
> allowedAttributesEffective: homeMDB
> allowedAttributesEffective: deliveryMechanism
> allowedAttributesEffective: publicDelegates
> allowedAttributesEffective: extensionData
> allowedAttributesEffective: extensionName
> allowedAttributesEffective: adminDescription
> allowedAttributesEffective: replicationSensitivity
> allowedAttributesEffective: unauthOrig
> allowedAttributesEffective: proxyAddresses
> allowedAttributesEffective: adminDisplayName
> allowedAttributesEffective: deliverAndRedirect
> allowedAttributesEffective: homeMTA
> allowedAttributesEffective: showInAdvancedViewOnly
> allowedAttributesEffective: company
> allowedAttributesEffective: dLMemSubmitPerms
> allowedAttributesEffective: department
> allowedAttributesEffective: delivExtContTypes
> allowedAttributesEffective: delivContLength
> allowedAttributesEffective: co
> allowedAttributesEffective: authOrig
> allowedAttributesEffective: altRecipient
> allowedAttributesEffective: uSNLastObjRem
> allowedAttributesEffective: uSNChanged
> allowedAttributesEffective: otherPager
> allowedAttributesEffective: deletedItemFlags
> allowedAttributesEffective: businessRoles
> allowedAttributesEffective: msExchOmaAdminWirelessEnable
> allowedAttributesEffective: msExchOmaAdminExtendedSettings
> allowedAttributesEffective: repsFrom
> allowedAttributesEffective: repsTo
> allowedAttributesEffective: securityProtocol
> allowedAttributesEffective: info
> allowedAttributesEffective: telephoneAssistant
> allowedAttributesEffective: objectVersion
> allowedAttributesEffective: dSASignature
> allowedAttributesEffective: isDeleted
> allowedAttributesEffective: dLMemRejectPerms
> allowedAttributesEffective: uSNCreated
> allowedAttributesEffective: otherTelephone
> allowedAttributesEffective: displayName
> allowedAttributesEffective: subRefs
> allowedAttributesEffective: whenChanged
> allowedAttributesEffective: whenCreated
> allowedAttributesEffective: attributeCertificateAttribute
> allowedAttributesEffective: houseIdentifier
> allowedAttributesEffective: distinguishedName
> allowedAttributesEffective: x500uniqueIdentifier
> allowedAttributesEffective: generationQualifier
> allowedAttributesEffective: initials
> allowedAttributesEffective: givenName
> allowedAttributesEffective: userCertificate
> allowedAttributesEffective: userPassword
> allowedAttributesEffective: seeAlso
> allowedAttributesEffective: preferredDeliveryMethod
> allowedAttributesEffective: destinationIndicator
> allowedAttributesEffective: registeredAddress
> allowedAttributesEffective: internationalISDNNumber
> allowedAttributesEffective: x121Address
> allowedAttributesEffective: facsimileTelephoneNumber
> allowedAttributesEffective: teletexTerminalIdentifier
> allowedAttributesEffective: telexNumber
> allowedAttributesEffective: telephoneNumber
> allowedAttributesEffective: physicalDeliveryOfficeName
> allowedAttributesEffective: postOfficeBox
> allowedAttributesEffective: postalCode
> allowedAttributesEffective: postalAddress
> allowedAttributesEffective: businessCategory
> allowedAttributesEffective: description
> allowedAttributesEffective: title
> allowedAttributesEffective: ou
> allowedAttributesEffective: o
> allowedAttributesEffective: street
> allowedAttributesEffective: st
> allowedAttributesEffective: l
> allowedAttributesEffective: c
> allowedAttributesEffective: serialNumber
> allowedAttributesEffective: sn
> allowedAttributesEffective: objectCategory
> allowedAttributesEffective: sAMAccountName
> allowedAttributesEffective: objectSid
> allowedAttributesEffective: nTSecurityDescriptor
> allowedAttributesEffective: instanceType
> allowedAttributesEffective: cn
> allowedAttributesEffective: objectClass
>
> # Referral
> ref: ldap://exchange.win2k3.abartlet.net/DC=exchange,DC=win2k3,DC=abartlet,DC=net
>
> # Referral
> ref: ldap://ForestDnsZones.win2k3.abartlet.net/DC=ForestDnsZones,DC=win2k3,DC=abartlet,DC=net
>
> # Referral
> ref: ldap://DomainDnsZones.win2k3.abartlet.net/DC=DomainDnsZones,DC=win2k3,DC=abartlet,DC=net
>
> # Referral
> ref: ldap://win2k3.abartlet.net/CN=Configuration,DC=win2k3,DC=abartlet,DC=net
>
> # returned 5 records
> # 1 entries
> # 4 referrals
>
> ------------------------------------------------------------------------
>
> --
> Fedora-directory-devel mailing list
> Fedora-directory-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-devel
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3178 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/fedora-directory-devel/attachments/20061101/2455fd77/attachment.bin>
More information about the Fedora-directory-devel
mailing list