And yes those fields are stored at the same place, but the LDAP modification is done on server side after the reception of the soap request.
So I suppose that zimbra when it manage the soap request, check if the value the soap request ask to modify is in the list of the value a user can change.
Okay, let me summarize what I understood so far ... please correct me if I'm wrong:
* user properties are hold within the user objects in LDAP
* js client code holds them and allows arbitrary changes and adding new ones locally
* it writes them back to LDAP via an SOAP call
* that SOAP call will protect specific properties that may not be changed by the user.
By the way: do those additional properties easily survive an upgrade ?
(you know, LDAP schemata tend to be incompatible between different
ZCS versions and the update process handles the conversion).