On 18 Nov 2019, at 03:05, William Brown <wbr...@suse.de> wrote: >> I tried that, but it made no difference. I also noticed that despite asking >> for attributes “*” and “+”, the java code didn’t give me any operational >> attributes back at all. >> >> I’m assuming that entryLevelRights/attributeLevelRights are operational >> attributes and 389ds won’t return them with a “*” attribute on it’s own? > > The attributes you "request" are the attributes it will do an effective > rights check on, and the server just "puts" the *rights attributes in your > response without asking (well, you did ask because of the control) > >> >> I’m trying to work out whether this is a java issue or a 389ds issue. > > Why not both?
Possibly - I eventually found that elsewhere in my code I was silently stripping any attribute that came back that didn’t have a schema, and these explained why entryLevelRights/attributeLevelRights were missing, but not why operational attributes had no schemas. This leads to the issue of how do we find the syntax OIDs for operational attributes? Are these made available by 389ds in some way, or does the calling code have to know how to handle each type of operational attribute? Regards, Graham —
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ 389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
