DS_SINGLE_VALUED_ATTR |
0x0001 |
Indicates that the attribute has a single value, with no order implied. If FALSE, the attribute is multi-valued. |
DS_SIZED_ATTR |
0x0002 |
Indicates that the attribute has an upper and lower boundary. This can be the length for strings or the value for integers.The first number indicates the lower boundary and the second, the upper boundary.
If FALSE, the attribute has no length or range limits. |
DS_NONREMOVABLE_ATTR |
0x0004 |
Prevents the attribute from being removed from the schema:
-
In NDS version 6.xx and below, clients cannot set this constraint flag.
-
In NDS version 7.xxx and above, clients can set this flag when the attribute is created.
All operational attribute definitions have the nonremovable flag set to TRUE.
If FALSE, the attribute can be removed if it hasn’t been assigned to a class. |
DS_READ_ONLY_ATTR |
0x0008 |
Prevents clients from remotely modifying the attribute. The eDirectory server and applications running on it create and maintain these attributes. Clients can read the attribute's value.
If FALSE, clients can remotely modify this attribute. |
DS_HIDDEN_ATTR |
0x0010 |
In NDS version 6.xx and below, marks the attribute as usable only by the eDirectory server.
In NDS version 7.xx and above, marks the attribute as usable by eDirectory and the applications running on the eDirectory server.
If FALSE, clients can see the attribute. |
DS_STRING_ATTR |
0x0020 |
Labels the attribute as a string type. eDirectory sets this constraint on all attributes that use a string for their syntax. Naming attributes must have this constraint.
If FALSE, the attribute is not a string and cannot be used as a naming attribute. |
DS_SYNC_IMMEDIATE |
0x0040 |
Forces immediate synchronization with other replicas when the value of the attribute changes. If FALSE, the attribute is synchronized at the next synchronization interval.
In NetWare 5.x, all attributes in the operational schema have this constraint except Back Link, Bindery Property, Bindery Object Restriction, Bindery Restriction Level, Bindery Type, Last Login Time, Last Referenced Time, Login Time, Purge Vector, Reference, Synchronize Up To, Timezone, Transitive Vector, Unknown, and Unknown Base Class. |
DS_PUBLIC_READ |
0x0080 |
Indicates that anyone can read the attribute without read privileges being assigned. You cannot use inheritance masks to prevent an object from reading attributes with this constraint.
If FALSE, eDirectory rights determine who can read the value of the attribute.
If TRUE, eDirectory skips all rights checking, making access to the data extremely efficient. |
DS_SERVER_READ |
0x0100 |
Indicates that Server class objects can read the attribute even though the privilege to read has not been inherited or explicitly granted. You cannot use inheritance masks to restrict servers from reading attributes with this constraint. The client cannot set or modify this constraint flag and thus cannot modify the attribute. |
DS_WRITE_MANAGED |
0x0200 |
Forces users to have supervisor rights to the object before they can add or delete the object as a value for this attribute. This flag only works on attributes which have a DN in the syntax.
It is used on attributes such as Security Equals, Group Membership, and Profile Membership. |
DS_PER_REPLICA |
0x0400 |
Marks the attribute so that the information in the attribute is not synchronized with other replicas. The client cannot set or modify this constraint flag and thus cannot modify the attribute. |
DS_SCHEDULE_SYNC_NEVER |
0x0800 |
Allows the attribute’s value to change without such a change triggering synchronization. The attribute can wait to propagate the change until the next regularly scheduled synchronization cycle or some other event triggers synchronization. |
DS_OPERATIONAL |
0x1000 |
Indicates that eDirectory uses the attribute internally and requires the attribute to function correctly. Also used for LDAP compatibility. |