diff --git a/servers/slapd/acl.c b/servers/slapd/acl.c
index 483aba6dd6bb8eb34416ead1410e80dab8d2a83e..695174ec7d310c0a9c457a6e1ea3e93b82ac9bd6 100644
--- a/servers/slapd/acl.c
+++ b/servers/slapd/acl.c
@@ -55,12 +55,8 @@ access_allowed(
 		e->e_dn, attr, 0 );
 
 	/* the lastmod attributes are ignored by ACL checking */
-	if ( strcasecmp( attr, "modifiersname" ) == 0 ||
-		strcasecmp( attr, "modifytimestamp" ) == 0 ||
-		strcasecmp( attr, "creatorsname" ) == 0 ||
-		strcasecmp( attr, "createtimestamp" ) == 0 )
-	{
- 		Debug( LDAP_DEBUG_ACL, "LASTMOD attribute: %s access allowed\n",
+	if ( oc_check_operational( attr ) ) {
+ 		Debug( LDAP_DEBUG_ACL, "Operational attribute: %s access allowed\n",
 			attr, 0, 0 );
 		return(1);
 	}
@@ -403,12 +399,8 @@ acl_check_modlist(
 		regmatch_t       matches[MAXREMATCHES];
 
 		/* the lastmod attributes are ignored by ACL checking */
-		if ( strcasecmp( mlist->ml_type, "modifiersname" ) == 0 ||
-			strcasecmp( mlist->ml_type, "modifytimestamp" ) == 0 ||
-			strcasecmp( mlist->ml_type, "creatorsname" ) == 0 ||
-			strcasecmp( mlist->ml_type, "createtimestamp" ) == 0 ) 
-		{
-			Debug( LDAP_DEBUG_ACL, "LASTMOD attribute: %s access allowed\n",
+		if ( oc_check_operational( mlist->ml_type ) ) {
+			Debug( LDAP_DEBUG_ACL, "Operational attribute: %s access allowed\n",
 				mlist->ml_type, 0, 0 );
 			continue;
 		}
diff --git a/servers/slapd/add.c b/servers/slapd/add.c
index 6ca236a2796e9ecd40e183013ab34004a4ed6a71..60e43f70e7677aa588d445d9c4180ff62482ad08 100644
--- a/servers/slapd/add.c
+++ b/servers/slapd/add.c
@@ -162,10 +162,7 @@ add_created_attrs( Operation *op, Entry *e )
 
 	/* remove any attempts by the user to add these attrs */
 	for ( a = &e->e_attrs; *a != NULL; a = next ) {
-		if ( strcasecmp( (*a)->a_type, "modifiersname" ) == 0 || 
-			strcasecmp( (*a)->a_type, "modifytimestamp" ) == 0 ||
-			strcasecmp( (*a)->a_type, "creatorsname" ) == 0 ||
-			strcasecmp( (*a)->a_type, "createtimestamp" ) == 0 ) {
+		if ( oc_check_operational( (*a)->a_type ) ) {
 			tmp = *a;
 			*a = (*a)->a_next;
 			attr_free( tmp );
diff --git a/servers/slapd/back-bdb2/modify.c b/servers/slapd/back-bdb2/modify.c
index c4cb583357115524e2a48fd7e656447b672cc06f..8f137608f33e7e0bcdb3f1a4fd3d1a1cbcf8fee0 100644
--- a/servers/slapd/back-bdb2/modify.c
+++ b/servers/slapd/back-bdb2/modify.c
@@ -33,13 +33,9 @@ add_lastmods( Operation *op, LDAPModList **modlist )
 
 	/* remove any attempts by the user to modify these attrs */
 	for ( m = modlist; *m != NULL; m = &(*m)->ml_next ) {
-            if ( strcasecmp( (*m)->ml_type, "modifytimestamp" ) == 0 || 
-				strcasecmp( (*m)->ml_type, "modifiersname" ) == 0 ||
-				strcasecmp( (*m)->ml_type, "createtimestamp" ) == 0 || 
-				strcasecmp( (*m)->ml_type, "creatorsname" ) == 0 ) {
-
+            if ( oc_check_operational( (*m)->ml_type ) ) {
                 Debug( LDAP_DEBUG_TRACE,
-					"add_lastmods: found lastmod attr: %s\n",
+					"add_lastmods: found operational attr: %s\n",
 					(*m)->ml_type, 0, 0 );
                 tmp = *m;
                 *m = (*m)->ml_next;
diff --git a/servers/slapd/back-ldbm/modify.c b/servers/slapd/back-ldbm/modify.c
index ff79544fb05b0266de4c58cc32701ccad03c9763..15c2c72896f84de692d1cebc6c4c921e83766cc7 100644
--- a/servers/slapd/back-ldbm/modify.c
+++ b/servers/slapd/back-ldbm/modify.c
@@ -33,13 +33,9 @@ add_lastmods( Operation *op, LDAPModList **modlist )
 
 	/* remove any attempts by the user to modify these attrs */
 	for ( m = modlist; *m != NULL; m = &(*m)->ml_next ) {
-            if ( strcasecmp( (*m)->ml_type, "modifytimestamp" ) == 0 || 
-				strcasecmp( (*m)->ml_type, "modifiersname" ) == 0 ||
-				strcasecmp( (*m)->ml_type, "createtimestamp" ) == 0 || 
-				strcasecmp( (*m)->ml_type, "creatorsname" ) == 0 ) {
-
+            if ( oc_check_operational( (*m)->ml_type ) ) {
                 Debug( LDAP_DEBUG_TRACE,
-					"add_lastmods: found lastmod attr: %s\n",
+					"add_lastmods: found operational attr: %s\n",
 					(*m)->ml_type, 0, 0 );
                 tmp = *m;
                 *m = (*m)->ml_next;
diff --git a/servers/slapd/proto-slap.h b/servers/slapd/proto-slap.h
index b18fc55cc70f1a01ed67f72b13d3c190b1476280..3f7da34a9a51ab5ec617b1f98e73f6e7c724ed6a 100644
--- a/servers/slapd/proto-slap.h
+++ b/servers/slapd/proto-slap.h
@@ -255,6 +255,7 @@ void send_ldap_search_result LDAP_P(( Connection *conn, Operation *op, int err,
  */
 
 int oc_schema_check LDAP_P(( Entry *e ));
+int oc_check_operational LDAP_P(( char *type ));
 ObjectClass *oc_find LDAP_P((const char *ocname));
 int oc_add LDAP_P((LDAP_OBJECT_CLASS *oc, const char **err));
 Syntax *syn_find LDAP_P((const char *synname));
diff --git a/servers/slapd/result.c b/servers/slapd/result.c
index 4a99e13453565b8dbe650b90332162701be10be0..aefe07128a767ad0ca1e921787c518d6e287bcd7 100644
--- a/servers/slapd/result.c
+++ b/servers/slapd/result.c
@@ -231,24 +231,21 @@ send_search_entry(
 	for ( a = e->e_attrs; a != NULL; a = a->a_next ) {
 		regmatch_t       matches[MAXREMATCHES];
 
-		if ( attrs != NULL && ! charray_inlist( attrs, a->a_type ) ) {
-			continue;
-		}
-
-		/* the lastmod attributes are ignored by ACL checking */
-		if ( strcasecmp( a->a_type, "modifiersname" ) == 0 ||
-			strcasecmp( a->a_type, "modifytimestamp" ) == 0 ||
-			strcasecmp( a->a_type, "creatorsname" ) == 0 ||
-			strcasecmp( a->a_type, "createtimestamp" ) == 0 ) 
-		{
-			Debug( LDAP_DEBUG_ACL, "LASTMOD attribute: %s access DEFAULT\n",
-				a->a_type, 0, 0 );
-			acl = NULL;
+		if ( attrs == NULL ) {
+			/* all addrs request, skip operational attributes */
+			if( oc_check_operational( a->a_type )) {
+				continue;
+			}
 		} else {
-			acl = acl_get_applicable( be, op, e, a->a_type,
-				MAXREMATCHES, matches );
+			/* specific addrs requested */
+			if ( !charray_inlist( attrs, a->a_type )) {
+				continue;
+			}
 		}
 
+		acl = acl_get_applicable( be, op, e, a->a_type,
+			MAXREMATCHES, matches );
+
 		if ( ! acl_access_allowed( acl, be, conn, e,
 			NULL, op, ACL_READ, edn, matches ) ) 
 		{
diff --git a/servers/slapd/schema.c b/servers/slapd/schema.c
index 97c80be9b1481e0bd09119f03e5ba50c5839abe6..746833f796a67027edf244676b1127128244c636 100644
--- a/servers/slapd/schema.c
+++ b/servers/slapd/schema.c
@@ -125,9 +125,9 @@ oc_check_required( Entry *e, char *ocname )
 
 /*
  * check to see if attribute is 'operational' or not.
- * this function should be externalized...
+ * this list should be extensible...
  */
-static int
+int
 oc_check_operational( char *type )
 {
 	return ( strcasecmp( type, "modifiersname" ) == 0 ||
@@ -1051,12 +1051,12 @@ schema_info( Connection *conn, Operation *op, char **attrs, int attrsonly )
 
 	val.bv_val = ch_strdup( "top" );
 	val.bv_len = strlen( val.bv_val );
-	attr_merge( e, "objectclass", vals );
+	attr_merge( e, "objectClass", vals );
 	ldap_memfree( val.bv_val );
 
 	val.bv_val = ch_strdup( "subschema" );
 	val.bv_len = strlen( val.bv_val );
-	attr_merge( e, "objectclass", vals );
+	attr_merge( e, "objectClass", vals );
 	ldap_memfree( val.bv_val );
 
 	if ( syn_schema_info( e ) ) {