18.1. Virtual Attributes

OpenDJ defines a number of virtual attributes by default.

entryDN

The value is the DN of the entry.

entryUUID

Provides a universally unique identifier for the entry.

etag

Entity tag as defined in RFC 2616, useful for checking whether an entry has changed since you last read it from the directory.

hasSubordinates

Boolean. Whether the entry has children.

numSubordinates

Provides the number of direct child entries.

isMemberOf

Identifies groups the entry belongs to.

By default OpenDJ generates isMemberOf on user entries (entries that have the object class person), and on group entries (entries that have the object class groupOfNames, groupOfUniqueNames, or groupOfEntries). You can change this by editing the filter property of the isMemberOf virtual attribute configuration.

member

Generated for virtual static groups.

uniqueMember

Generated for virtual static groups.

pwdPolicySubentry

Identifies the password policy that applies to the entry.

By default OpenDJ assigns root DN users the password policy with DN cn=Root Password Policy,cn=Password Policies,cn=config and regular users the password policy with DN cn=Default Password Policy,cn=Password Policies,cn=config. See Configuring Password Policy for information on configuring and assigning password policies.

subschemaSubentry

References the schema definitions.

collectiveAttributeSubentries

References applicable collective attribute definitions.

governingStructureRule

References the rule on what type of subordinates the entry can have.

structuralObjectClass

References the structural object class for the entry.

These virtual attributes are typically operational, so you get them back from a search only when you request them.

$ ldapsearch --port 1389 --baseDN dc=example,dc=com dc=example
dn: dc=example,dc=com
dc: example
objectClass: domain
objectClass: top

$ ldapsearch --port 1389 --baseDN dc=example,dc=com dc=example numSubordinates
dn: dc=example,dc=com
numSubordinates: 4
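
As an added example (not part of the OpenDJ documentation), the following Python sketch audits password policy coverage from LDIF output of a search that explicitly requested pwdPolicySubentry. The function names parse_ldif and audit_policies are hypothetical, and the sample entries are constructed, including uid=svc-backup and uid=jdoe.

```python
import base64

# Default policy DNs as given on this page.
ROOT_POLICY = "cn=Root Password Policy,cn=Password Policies,cn=config"
DEFAULT_POLICY = "cn=Default Password Policy,cn=Password Policies,cn=config"

# Constructed sample of search output that requested pwdPolicySubentry:
# one folded value, one base64 ("::") DN, one entry with no value returned.
SAMPLE_LDIF = (
    "dn: uid=bjensen,ou=People,dc=example,dc=com\n"
    "pwdPolicySubentry: " + DEFAULT_POLICY + "\n\n"
    "dn: uid=svc-backup,ou=People,dc=example,dc=com\n"
    "pwdPolicySubentry: cn=Root Password Policy,cn=Passw\n"
    " ord Policies,cn=config\n\n"
    "dn:: " + base64.b64encode(b"uid=jdoe,ou=People,dc=example,dc=com").decode() + "\n"
)

def parse_ldif(text):
    """Return {dn: {lowercased attribute: [values]}} from LDIF text."""
    entries = {}
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")  # join folded lines
    for block in unfolded.split("\n\n"):                      # blank line ends an entry
        current = None
        for line in block.splitlines():
            name, sep, rest = line.partition(":")
            if not sep or line.startswith("#"):
                continue
            if rest.startswith(":"):                          # "attr:: <base64>"
                value = base64.b64decode(rest[1:].strip()).decode("utf-8")
            else:
                value = rest.strip()
            if name.lower() == "dn":
                current = entries.setdefault(value, {})
            elif current is not None:
                current.setdefault(name.lower(), []).append(value)
    return entries

def audit_policies(entries, expected=DEFAULT_POLICY):
    """Group DNs by whether pwdPolicySubentry matches the expected policy."""
    report = {"expected": [], "other": [], "missing": []}
    for dn, attrs in entries.items():
        policies = attrs.get("pwdpolicysubentry", [])
        if not policies:                      # not requested, not readable, or unset
            report["missing"].append(dn)
        elif all(p.lower() == expected.lower() for p in policies):
            report["expected"].append(dn)     # case-insensitive match, not full DN normalization
        else:
            report["other"].append(dn)
    return report
```

Entries reported as missing deserve a second look before drawing conclusions, because an operational attribute is absent whenever the search did not request it.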

You can create your own virtual attributes based on the existing virtual attribute types, or use the user-defined type to create one with a value you specify. A virtual attribute is defined in the server configuration, which is not replicated.

$ dsconfig \
 create-virtual-attribute \
 --hostname opendj.example.com \
 --port 4444 \
 --bindDN "cn=Directory Manager" \
 --bindPassword password \
 --name "Served By Description" \
 --type user-defined \
 --set enabled:true \
 --set attribute-type:description \
 --set base-dn:dc=example,dc=com \
 --set value:"Served by OpenDJ.Example.com" \
 --trustAll \
 --no-prompt
$ ldapsearch --port 1389 --baseDN dc=example,dc=com uid=bjensen description
dn: uid=bjensen,ou=People,dc=example,dc=com
description: Served by OpenDJ.Example.com

Collective attributes cover many use cases better than virtual attributes.