The LDAP server in NDS eDirectory can set and get information about the following eDirectory extended flags.
By default, when creating an attribute definition, none of these flags are set.
To obtain the information when reading the schema, you must send the flag with the request to read the attribute.
|Extended Flags||Description||NDAP Equivalent|
|X-NDS_PUBLIC_READ||When set, allows anyone to read the attribute's value even though such rights have not been granted or inherited. Using this flag makes access to the attribute extremely efficient because eDirectory performs no rights checking. When not set, users must have been granted rights or inherit rights to read the attribute's value.||DS_PUBLIC_READ flag set to True.|
|X-NDS_SERVER_READ||When set, allows the NCP Server object to read the attribute's value even though such rights have not been granted or inherited. When not set, the NCP Server object must be granted rights or inherit rights to read the attribute's value.||DS_SERVER_READ flag set to True.|
|X-NDS_NEVER_SYNC||When set, prevents changes to this attribute from synchronizing with other replicas. The information in the attribute is specific to the replica. When not set, changes to the attribute are synchronized to other replicas.||DS_PER_REPLICA flag set to True.|
|X-NDS_NOT_SCHED_SYNC_IMMEDIATE||When set, allows the attribute's value to change without scheduling synchronization, and synchronization will start within 30 minutes. When not set, causes any changes to the attribute to schedule immediate synchronization (within 10 seconds).||DS_SYNC_IMMEDIATE flag set to False.|
|X-NDS_SCHED_SYNC_NEVER||When set, allows the attribute's value to change without scheduling synchronization. The attribute can wait until the next scheduled synchronization cycle to propagate its changes. When not set, causes any changes to the attribute to schedule synchronization. Developers can only read this flag.||DS_SCHEDULE_SYNC_NEVER flag set to True.|
|X-NDS_LOWER_BOUND||When set, specifies the lower boundary for a string or integer syntax. When not set, the attribute has no lower boundary.||DS_SIZED_ATTR flag set to True|
|X-NDS_NAME_VALUE_ACCESS||This flag only works on attributes which use a DN syntax and contain a list of entries, such as groupMembership. When set, requires users to have supervisor rights to the entry before they can add or delete the entry as a value for this attribute. When not set, requires the user to have read rights to read the values and write rights to modify the values.||DS_WRITE_MANAGED flag set to True.|
|X-NDS_NAME||When creating an attribute, specifies the legacy eDirectory attribute that automatically maps to this LDAP attribute. This is new in NDS eDirectory 8.5 and should be used to make attributes available to previous versions of the LDAP server in an eDirectory tree. When reading the attribute definition, returns the legacy eDirectory attribute name.||NA|
|X-NDS_ACL_TEMPLATES||Every object in the NDS tree has an ACL attribute. This attribute holds information about which trustees have access to the object itself (entry rights) and which trustees have access to the attributes for the object. This information is stored in sets, each containing the trustee name, the affected attribute (Entry Rights, All Attributes Rights, or a specific attribute), and the privileges. ACL templates help define ACLs for specific classes in the base schema and provide a minimum amount of access security for newly created objects. This flag was added in 8.7.0.|
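A schema audit built on the attribute flags above, as an added example that is not part of the original page or of eDirectory itself: it parses attributeTypes definitions in RFC 4512 form and reports attributes carrying X-NDS_PUBLIC_READ or X-NDS_SERVER_READ, the two flags that allow reads without granted or inherited rights. The attribute names, the OIDs and the rendering of a set flag as a quoted '1' are assumptions made for the sample input.

```python
import re

# Flags from the table above that let a value be read without a rights assignment.
ACCESS_FLAGS = ("X-NDS_PUBLIC_READ", "X-NDS_SERVER_READ")

# Constructed sample definitions (hypothetical names, OIDs under the 2.999 example arc).
# Assumption: a set flag is rendered as the extension followed by a quoted '1'.
SAMPLE_SCHEMA = [
    "( 2.999.1.1 NAME 'demoBadgeId' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-NDS_PUBLIC_READ '1' )",
    "( 2.999.1.2 NAME ( 'demoCostCenter' 'demoCC' ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-NDS_NEVER_SYNC '1' )",
    "( 2.999.1.3 NAME 'demoApprovers' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-NDS_NAME_VALUE_ACCESS '1' X-NDS_SERVER_READ '1' )",
]

TOKEN = re.compile(r"\(|\)|'[^']*'|[^\s()']+")  # parentheses, quoted strings, bare words

def parse_definition(definition):
    """Return {'NAME': [...], 'X-...': [...]} for one schema definition string."""
    tokens, fields, i = TOKEN.findall(definition), {}, 0
    while i < len(tokens):
        key, i = tokens[i], i + 1
        if key != "NAME" and not key.startswith("X-"):
            continue  # skip the OID, SYNTAX, SINGLE-VALUE and other keywords
        values = []
        if i < len(tokens) and tokens[i] == "(":  # parenthesised value list
            end = tokens.index(")", i)
            values, i = tokens[i + 1:end], end + 1
        elif i < len(tokens) and tokens[i].startswith("'"):  # single quoted value
            values, i = [tokens[i]], i + 1
        fields[key] = [v.strip("'") for v in values]
    return fields

def audit(definitions):
    """Map each attribute's first name to the rights-bypassing flags set on it."""
    findings = {}
    for definition in definitions:
        fields = parse_definition(definition)
        hits = [f for f in ACCESS_FLAGS if fields.get(f) == ["1"]]
        if hits and fields.get("NAME"):
            findings[fields["NAME"][0]] = hits
    return findings

if __name__ == "__main__":
    for name, flags in audit(SAMPLE_SCHEMA).items():
        print(name, ", ".join(flags))
```

Each reported attribute is one whose values are readable regardless of the ACLs on the entries that hold it, so the list is the place to confirm that nothing sensitive is stored there.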
Standard LDAP attribute flags can also be used. The following table lists the LDAP name and the corresponding NDAP name.
|Standard LDAP Flags||NDAP Equivalent|
|SINGLE-VALUE||DS_SINGLE_VALUED_ATTR set to True|
|COLLECTIVE||Not supported|
|NO-USER-MODIFICATION Flag||DS_READ_ONLY_ATTR set to True|
|USAGE userApplications||None required. This sets the attribute as a normal attribute. The other USAGE flags can only be set by eDirectory.|
|USAGE directoryOperation||DS_OPERATIONAL (set by eDirectory)|
|USAGE distributedOperation||DS_OPERATIONAL (set by eDirectory)|
|USAGE dSAOperation||DS_OPERATIONAL (set by eDirectory)|
Object Class Flags

eDirectory uses a set of flags to define allowable class operations. When adding a new object class definition to the schema, you can set the following flags. When reading definitions, you send the flags to obtain the information.
|Extended Flags ObjectClasses||Description||Equivalent|
|X-NDS_NOT_CONTAINER||When set, indicates that this object class cannot contain other entries and is thus a leaf entry. When not set, indicates that this object class can contain other entries and is thus a container class.||DS_CONTAINER_CLASS flag set to False.|
|X-NDS_CONTAINMENT||When included, this flag is followed by a list of object classes that can be the parent container of the object class that is being defined. When not included, the object class that is being defined is automatically assigned containment classes of country, organization, organizationalUnit, locality, and domain.||DS_AMBIGUOUS_CONTAINMENT flag set to False.|
|X-NDS_NAMING||When included, this flag is followed by the list of attributes that can be used to name entries based on this object class definition. When not included, the naming attributes for the object class are all of the MAY and MUST attributes that use a string-type syntax.||DS_AMBIGUOUS_NAMING flag set to False.|
|X-NDS_NONREMOVABLE||When set, indicates that the class cannot be removed even if no entries are using the definition. This flag is placed on all classes in the eDirectory operational schema. NDS 8 and higher allow application developers to set this flag. When not set, indicates that the class can be removed from the schema if no entries are using the definition.||DS_NONREMOVABLE_CLASS flag set to True.|
|X-NDS_NAME||When defining an object class, specifies the legacy eDirectory object class that automatically maps to this LDAP class. This is new in NDS eDirectory 8.5 and should be used to make classes available to previous versions of the LDAP server in an eDirectory tree. When reading object class definitions, returns the legacy eDirectory name for this object class.||NA|
Standard LDAP ObjectClass Flags

The standard LDAP class flags can also be used.
|Standard LDAP Flags||NDAP Equivalent|
|ABSTRACT||DS_EFFECTIVE_CLASS set to False|
|STRUCTURAL||DS_EFFECTIVE_CLASS set to True|
|AUXILIARY||DS_AUXILIARY_CLASS set to True|