Menu
▾
▴
Re: createTimestamp?
|
From: David B. <d.b...@ma...> - 2000-08-11 03:12:44
|
Actually, what I want to do is change the attributes that are returned so
that it returns what are currently considered by my server to be (I guess)
operational attributes.
You see, if I do a LDAP search in my NDS tree, I only get a very limited
list of attributes returned when I request '*', but if I request them by
name...no probs. There are many attributes that I would have expected a
normal search to return. (like whether an account is locked or not)
So, what I want is not to ADD another attribute, and control it's access
with an ACL, but MODIFY existing attributes so that they are more visible.
Is this part of a system ACL too?
David.
At 05:58 PM 8/10/00 -0500, you wrote:
>What you want to do should be accomplished via an ACL , not an operational
>attribute.
>From my understanding an operational attribute is one that is determined
>by the sever and is not attatched to the entry. And they can cause a load
>on the server to generate them, thus you don't want them returned unless
>they're specifically requested & you probably don't want them allowed to
>just anyone.
>
>Mark
>
>On Fri, 11 Aug 2000, David Bussenschutt wrote:
>
>> What mechanism does a server use to decide what is an operational
>> attribute, and what is not? Can I add operational attributes? (ie not have
>> them returned in a normal search unless explicitly requested)
>>
>> David.
>>
>> At 05:40 PM 8/10/00 -0500, you wrote:
>> >If you don't provide any attributes to search, you'll get back all
>> >non-operational attributes available to you (of course this depends on the
>> >server's ACLs as to which ones you can actually get).
>> >
>> >If you want operational attributes you must requet them in the search
>> >(sorry I overlooked that yesterday).
>> >
>> >If you want all of the attributes, either list everything in the search,
>> >or do 2 searches, one without listing and one with a listing of all of the
>> >operational attributes.
>> >
>> >Mark
>> >
>> >On Thu, 10 Aug 2000, Bing Du wrote:
>> >
>> >> Thanks all. Ok, I have given up using as_struct.
>> >>
>> >> I saw 'createtimestamp' finally by using $ldcon->search(base =>
>> >> $BASEDN, scope => 'sub', filter => $filter,attrs=>
>> >> ["createtimestamp"],typesonly => 0) :).
>> >>
>> >> A new question:
>> >>
>> >> I used to use
>> >> $ldcon->search(base...,scope...,filter...,attrs=>[],typesonly...) to
>> >> retrieve values of all attributes without specificly listing all
>> >> attributes' names in @attrs (e.g. @attrs = ('cn', 'phone','email')), and
>> >> then use attrs=>@attrs in 'search'. By doing this, I do not need to
>> >> change my script whenever new attributes are added in.
>> >>
>> >> But now I have to explicitly specify operational attributes in
>> >> attrs=>[] because I want them. So is there a way to represent all
>> >> other regular attributes still without listing them explicitly?
>> >>
>> >> Thanks,
>> >>
>> >> Bing
>> >>
>> >> >>> Chris Ridd <chr...@me...> 08/10/00 02:34AM >>>
>> >> Mark Wilcox <mew...@un...> wrote:
>> >> > Chris Ridd (who works for Messanging Direct) will be the best one to
>> >> > answer this. But he's leaving on a trip, so I don't know if he's
>> >> online
>> >> > right now.
>> >>
>> >> Still here...
>> >>
>> >> > Have you verified that the attribute is actually there (ie. have you
>> >> > dumped it out with ldapsearch or MD's version of db2ldif?)
>> >> >
>> >> > Mark
>> >>
>> >> The default access controls we have in our directory will only permit
>> >> the
>> >> DSA manager - which Bing is binding as, so that's OK - read access to
>> >> createTimestamp.
>> >>
>> >> As others have pointed out, createTimestamp is an operational
>> >> attribute, so
>> >> will only be returned over LDAP when the client explicitly asks for
>> >> it.
>> >>
>> >> So I suspect the problem is either that you aren't explicitly
>> >> specifying in
>> >> the search operation that you want the createTimestamp back, or the
>> >> way
>> >> you're accessing the entries back via as_struct is wrong.
>> >>
>> >> To check the attributes are really coming back over the network, set
>> >> debug
>> >> => 12 when you create the LDAP object. You will then get a whole load
>> >> of
>> >> output to stderr which is a dump of the raw protocol. Hopefully you'll
>> >> see
>> >> the createTimestamps being returned.
>> >>
>> >> I haven't used as_struct myself, so can't comment on that part.
>> >>
>> >> Cheers,
>> >>
>> >> Chris
>> >>
>> >
>> >
>> >
>> >
>>
>> --------------------------------------------------------------------
>> David Bussenschutt Email: D.B...@ma...
>> Senior Computing Support Officer & Systems Administrator/Programmer
>> Location: Griffith University. Information Technology Services
>> Brisbane Qld. Aust. (TEN bldg. rm 1.33) Ph: (07)38757079
>> --------------------------------------------------------------------
>>
>
>
>
>
--------------------------------------------------------------------
David Bussenschutt Email: D.B...@ma...
Senior Computing Support Officer & Systems Administrator/Programmer
Location: Griffith University. Information Technology Services
Brisbane Qld. Aust. (TEN bldg. rm 1.33) Ph: (07)38757079
--------------------------------------------------------------------
|
