diff --git a/ldapserver/entries.py b/ldapserver/entries.py
index 999897b932925df44eb6021ee7c096adc2c7c277..9bd34b7ee00eead7be101b43ebc58bb28f169d91 100644
--- a/ldapserver/entries.py
+++ b/ldapserver/entries.py
@@ -255,6 +255,8 @@ class Entry(AttributeDict):
for selector in attributes or ['*']:
if selector == '*':
selected_attributes |= self.schema.user_attribute_types
+ elif selector == '+':
+ selected_attributes |= self.schema.operational_attribute_types
elif selector == '1.1':
continue
elif selector in self.schema.attribute_types:
diff --git a/ldapserver/ldap.py b/ldapserver/ldap.py
index 1c04d8b816e3d347f933df0199d2718b906c57d7..7386131042545837c61860012d9c2a783294cc45 100644
--- a/ldapserver/ldap.py
+++ b/ldapserver/ldap.py
@@ -727,5 +727,8 @@ class PagedResultsValue(asn1.Sequence):
size: int
cookie: bytes
+# LDAP All Operational Attributes (RFC3673)
+ALL_OPERATIONAL_ATTRS_OID = '1.3.6.1.4.1.4203.1.5.1'
+
# LDAP Absolute True and False Filters (RFC4526)
ABSOLUTE_TRUE_FALSE_OID = '1.3.6.1.4.1.4203.1.5.3'
diff --git a/ldapserver/schema/types.py b/ldapserver/schema/types.py
index 8eeac167eedf6a33cfd03b9a97de3243412d4e7c..4f3dcee37ec08019e363c7b0384727a03bf667d2 100644
--- a/ldapserver/schema/types.py
+++ b/ldapserver/schema/types.py
@@ -205,7 +205,9 @@ class AttributeType:
self.is_operational = (definition.usage != AttributeTypeUsage.userApplications)
schema._register(self, self.oid, self.ref, *self.names)
schema.attribute_types._register(self, self.oid, self.ref, *self.names)
- if not self.is_operational:
+ if self.is_operational:
+ schema.operational_attribute_types.add(self)
+ else:
schema.user_attribute_types.add(self)
#: Set of all matching rules in schema that can be applied to values of the attribute type
self.compatible_matching_rules = self.syntax.compatible_matching_rules
@@ -462,7 +464,10 @@ class Schema(OIDDict):
for item in attribute_type_definitions or []]
#: Mapping of attribute type OIDs and short descriptive names to :any:`AttributeType` objects
self.attribute_types = OIDDict()
+ #: Set of user (non-operational) attribute types
self.user_attribute_types = set()
+ #: Set of operational (non-user) attribute types
+ self.operational_attribute_types = set()
# Attribute types may refer to other (superior) attribute types. To resolve
# these dependencies we cycle through the definitions, each time adding
# those not added yet with fulfilled dependencies. Finally we add all the
diff --git a/ldapserver/server.py b/ldapserver/server.py
index cdf2729102ee905fd2b8d35392a3fc53a9753de2..03789fc7bbb5d26dd26a680de2c59621dbbbe80e 100644
--- a/ldapserver/server.py
+++ b/ldapserver/server.py
@@ -198,6 +198,7 @@ class LDAPRequestHandler(BaseLDAPRequestHandler):
self.rootdse['supportedSASLMechanisms'].append('PLAIN')
if self.supports_sasl_external:
self.rootdse['supportedSASLMechanisms'].append('EXTERNAL')
+ self.rootdse['supportedFeatures'].append(ldap.ALL_OPERATIONAL_ATTRS_OID)
self.rootdse['supportedFeatures'].append(ldap.ABSOLUTE_TRUE_FALSE_OID)
self.rootdse['supportedLDAPVersion'] = ['3']
self.bind_object = None
diff --git a/tests/test_entries.py b/tests/test_entries.py
index 20c9e2d72cacd735890e8107d4bc89c18fe0bb69..1947dc64f82de3f1e302e21cba1467e57669bfff 100644
--- a/tests/test_entries.py
+++ b/tests/test_entries.py
@@ -365,6 +365,11 @@ class TestObjectEntry(unittest.TestCase):
self.assertEqual(len(result.attributes), 2)
self.assertEqual({item.type: item.vals for item in result.attributes},
{'cn': [b'foo', b'bar'], 'objectClass': [b'top']})
+ result = obj.search('cn=foo,dc=example,dc=com', ldap.SearchScope.baseObject, ldap.FilterPresent('objectclass'), ['+'], False)
+ self.assertEqual(result.objectName, 'cn=foo,dc=example,dc=com')
+ self.assertEqual(len(result.attributes), 1)
+ self.assertEqual({item.type: item.vals for item in result.attributes},
+ {'subschemaSubentry': [b'cn=subschema']})
result = obj.search('cn=foo,dc=example,dc=com', ldap.SearchScope.baseObject, ldap.FilterPresent('objectclass'), ['1.1'], False)
self.assertEqual(result.objectName, 'cn=foo,dc=example,dc=com')
self.assertEqual(len(result.attributes), 0)