NO-USER-MODIFICATION defines the mutability of the AttributeType and implies the data is not to be modified by users. (ReadOnly)

Often, depending on the LDAP Server Implementation it may also be considered to be an Operational Attribute whose values are controlled by the DSA.

NO-USER-MODIFICATION requires an Operational Attribute according to RFC 4512[1] which implies the values are controlled by the DSA.

In EDirectory schema files this is the same as the DS_READ_ONLY_ATTR

Microsoft Active Directory uses SystemOnly

More Information#

There might be more information for this subject on one of the following: