On Tue, 2008-01-15 at 21:46 -0800, Quanah Gibson-Mount wrote: > --On Wednesday, January 16, 2008 4:31 PM +1100 Andrew Bartlett > <email@example.com> wrote: > > > > Then it just works, and I don't have to do an extra fish for this > > particular operational attribute. > > I'm somewhat curious why "memberOf" the attribute would be operational. > "member" isn't, and it is of a similar vein.. In the AD aggregate schema they are marked: attributeTypes: ( 1.2.840.113522.214.171.124 NAME 'memberOf' SYNTAX '126.96.36.199.4.1.14188.8.131.52.12' NO-USER-MODIFICATION ) attributeTypes: ( 184.108.40.206 NAME 'member' SYNTAX '220.127.116.11.4.1.1418.104.22.168.12' ) 'memberOf' is the end that is calculated, while 'member' is the end being modified by the administrator. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Red Hat Inc.
Description: This is a digitally signed message part