4.1.10.5.6 FilterAttribute

 procedure FilterAttribute(
   o: DSName,
   attribute: ATTRTYP,
   s: AttributeStamp,
   pUtd: ADDRESS OF UPTODATE_VECTOR_V1_EXT,
   partialAttrs: set of ATTRTYP,
   partialAttrsEx: set of ATTRTYP,
   dirSyncFlags: ULONG): boolean

Informative summary of behavior: The FilterAttribute procedure determines whether an update (attribute or link value) that is in scope should be filtered out of the set of changes to send in the replication cycle. The rules are as follows:

• If the client's up-to-date vector pUtd asserts that the client has already applied the update with stamps, the update is filtered out, provided that attribute is not in the partialAttrsEx set. The elements of partialAttrsEx are not subject to filtering by the up-to-date vector.

• If partialAttrs is not null (indicating the client has a partial replica) and attribute is not in partialAttrs + partialAttrsEx, then the update is filtered out.

• If partialAttrs is not null, attribute is member, o is of class group, and o is not a universal group, then the update is filtered out.

• If attribute is the naming attribute (that is, cn for objects of class container, as shown below) for the object class of o, the update is filtered out.

• If LDAP_DIRSYNC_OBJECT_SECURITY is in dirSyncFlags, and the client does not have access rights to read the object, all the updates are filtered out except updates to the isDeleted and isRecycled attributes.

   filtered: boolean
   cursor: UPTODATE_CURSOR_V2
    
   filtered := false
    
   if pUtd ≠ null and partialAttrsEx ≠ null
         and not attribute in partialAttrsEx then
     /* Filter updates with stamps that the client's up-to-date vector
      * asserts the client has already applied to its NC replica.
      */
     cursor := select one c from pUtd^.rgCursors where c.uuidDsa =
         s.uuidOriginating
     if cursor ≠ null and cursor.usnHighPropUpdate >= s.usnOriginating 
         then
       filtered := true
     endif
   endif
    
   if not filtered and partialAttrs ≠ null then
     /* Filter updates to attributes that are not in the client's
      * partial replica.
      */
     if not attribute in partialAttrs + partialAttrsEx then
       filtered := true
     endif 
   endif
    
   if not filtered and partialAttrs ≠ null and attribute = member then
     /* Filter updates to the member attribute from the client's
      * partial replica if the group is not a universal group.
      */
     if group in o!objectClass and
         not GROUP_TYPE_UNIVERSAL_GROUP in o!groupType then
       filtered := true
     endif 
   endif
    
   if not filtered then
     /* Filter updates to the naming attribute of o. */
     if attribute = o!rdnType then
       filtered := true
     endif
   endif
    
   if not filtered then
     /* Filter non replicated attributes of o. */
     if AttrIsNonReplicated(attribute) then
       filtered := true
     endif
   endif
    
   if not filtered then
     /* If LDAP_DIRSYNC_OBJECT_SECURITY in dirSyncFlags, and the client does
        not have access rights to read the object, all the updates are filtered
        out except updates to isDeleted and isRecycled attributes. */
    
     if LDAP_DIRSYNC_OBJECT_SECURITY in dirSyncFlags and
        (AccessCheckObject(o, RIGHT_DS_LIST_OBJECT) = false or
         AccessCheckObject(o.parent, RIGHT_DS_LIST_CONTENTS) = false) and
        attribute ≠ isDeleted and
        attribute ≠ isRecycled then
       filtered := true
     endif
   endif 
   return filtered