Sun OpenDS Standard Edition 2.2 Architectural Reference

Supported LDAP Controls

The supportedControl attribute is the mechanism for identifying the request controls that Sun OpenDS Standard Edition supports. The OIDs of these controls are listed in that attribute of the server's root DSE.

Table 8-1 lists the controls supported by the directory server.

If you have installed a proxy, refer to Table 8-2, which lists the controls supported by the Sun OpenDS Standard Edition proxy as well as by the remote LDAP servers.

Table 8-1 LDAP Controls Supported by the Directory Server

| OID | LDAP Control | RFC or draft |
|---|---|---|
| 1.2.826.0.1.3344810.2.3 | Matched Values Control | RFC3876 |
| 1.2.840.113556.1.4.319 | Page Results Control | RFC2696 |
| 1.2.840.113556.1.4.473 | Server-side Sort Control | RFC2891 |
| 1.2.840.113556.1.4.805 | Subtree Delete Control | Draft |
| 1.3.6.1.1.12 | Assertion Control | RFC4528 |
| 1.3.6.1.1.13.1 | LDAP Pre-read Control | RFC4527 |
| 1.3.6.1.1.13.2 | LDAP Post-read Control | RFC4527 |
| 1.3.6.1.4.1.26027.1.5.2 | Replication Repair Control | |
| 1.3.6.1.4.1.4203.1.10.2 | LDAP No-Op Control | Draft |
| 1.3.6.1.4.1.42.2.27.8.5.1 | Password Policy Control | Draft |
| 1.3.6.1.4.1.42.2.27.9.5.2 | Get Effective Rights Control | |
| 1.3.6.1.4.1.42.2.27.9.5.8 | Account Usability Control | |
| 1.3.6.1.4.1.42.2.27.9.5.9 | CSN (Change Number Control) | |
| 1.3.6.1.4.1.4203.1.10.1 | LDAP Subentry Request Control | RFC3672 |
| 2.16.840.1.113730.3.4.12 | Proxy Authorization v1 Control | Draft |
| 2.16.840.1.113730.3.4.18 | Proxy Authorization v2 Control | RFC4370 |
| 2.16.840.1.113730.3.4.16 | Authorization Identity Request Control | RFC3829 |
| 2.16.840.1.113730.3.4.17 | Real Attributes Only Control | |
| 2.16.840.1.113730.3.4.19 | Virtual Attributes Only Control | |
| 2.16.840.1.113730.3.4.2 | ManageDsaIT | RFC3296 |
| 2.16.840.1.113730.3.4.3 | Persistent Search Control | Draft |
| 2.16.840.1.113730.3.4.9 | Virtual List View Control | Draft |

Table 8-2 LDAP Controls Supported by the Proxy

| OID | LDAP Control | RFC or draft | Supported by Proxy Workflow Element | Supported by Distribution Algorithm | Supported by remote DSEE 7 | Supported by remote Sun OpenDS SE directory server | Notes |
|---|---|---|---|---|---|---|---|
| 1.2.826.0.1.3344810.2.3 | Matched Values Control | RFC3876 | Yes | Yes | No | Yes | |
| 1.2.840.113556.1.4.319 | Page Results Control | RFC2696 | Yes | No | No | Yes | |
| 1.2.840.113556.1.4.473 | Server-side Sort Control | RFC2891 | Yes | No | Yes | Yes | Supported if all targeted entries are on the same remote LDAP server, and that remote LDAP server supports server-side LDAP control. |
| 1.2.840.113556.1.4.805 | Subtree Delete Control | Draft | Yes | No | No | Yes | Supported if all targeted entries are on the same remote LDAP server, and that remote LDAP server supports subtree delete LDAP control. Not supported by the distribution algorithm because targeted entries can span multiple remote LDAP servers. |
| 1.3.6.1.1.12 | Assertion Control | RFC4528 | Yes | Yes | No | Yes | Supported if the remote LDAP server that hosts the targeted entry also supports assertion control. Therefore not supported in Sun OpenDS Standard Edition proxy configurations where all remote LDAP servers run Sun DSEE 7. |
| 1.3.6.1.1.13.1 | LDAP Pre-read Control | RFC4527 | Yes | Yes | Complies sufficiently for Sun OpenDS Standard Edition proxy to work | Yes | Supported if the remote LDAP servers that host the targeted entries also support LDAP pre-read control. Required for the global index catalog. In Sun OpenDS SE directory servers, this control must be enabled. |
| 1.3.6.1.1.13.2 | LDAP Post-read Control | RFC4527 | Yes | Yes | No | Yes | Supported if the remote LDAP servers that host the targeted entries also support LDAP post-read control. Therefore not supported in Sun OpenDS Standard Edition proxy configurations where all remote LDAP servers run Sun DSEE 7. In Sun OpenDS SE directory servers, this control must be enabled. |
| 1.3.6.1.4.1.26027.1.5.2 | Replication Repair Control | | No | No | No | Yes | Not supported by Sun OpenDS Standard Edition proxy. To repair data inconsistency across remote LDAP servers, bypass the proxy and send the control directly to the remote LDAP servers running Sun OpenDS SE. For remote LDAP servers running DSEE 7, refer to the dsrepair command in the DSEE 7 documentation. |
| 1.3.6.1.4.1.4203.1.10.2 | LDAP No-Op Control | Draft | Yes | Yes | No | Yes | Supported if the remote LDAP servers that host the targeted entries also support the LDAP no-op control. Therefore not supported in Sun OpenDS Standard Edition proxy configurations where all remote LDAP servers run Sun DSEE 7. |
| 1.3.6.1.4.1.42.2.27.8.5.1 | Password Policy Control | Draft | Yes | Yes | Yes | Yes | |
| 1.3.6.1.4.1.42.2.27.9.5.2 | Get Effective Rights Control | | Yes | Yes | Yes | Yes | If this control is to be used by a configuration of the Sun OpenDS Standard Edition proxy where remote LDAP servers run Sun OpenDS SE, then the aclRights and aclRightsInfo controls need to be authorized in OpenDS, if you have sufficient credentials. |
| 1.3.6.1.4.1.42.2.27.9.5.8 | Account Usability Control | | Yes | Yes | Yes | Yes | |
| 1.3.6.1.4.1.4203.1.10.1 | LDAP Subentry Request Control | RFC3672 | Yes | Yes | No | Yes | Supported if the remote LDAP servers that host the targeted entries also support the LDAP sub-entry control. |
| 2.16.840.1.113730.3.4.12 | Proxy Authorization v1 Control | Draft | Yes | Yes | Yes | Yes | Supported if the remote LDAP servers that host the targeted entries also support the proxy-authorization v1 control. If the Sun OpenDS Standard Edition proxy is configured in this control mode, the remote LDAP server must also support the get effective rights control. |
| 2.16.840.1.113730.3.4.18 | Proxy Authorization v2 Control | RFC4370 | Yes | Yes | Yes | Yes | Supported if the remote LDAP servers that host the targeted entries also support the proxy-authorization v2 control. If the Sun OpenDS Standard Edition proxy is configured in this control mode, the remote LDAP server must also support the get effective rights control. |
| 2.16.840.1.113730.3.4.16 | Authorization Identity Request Control | RFC3829 | Yes | Yes | Yes | Yes | Supported if the remote LDAP server that hosts the target entry also supports the authorization identity request control. |
| 2.16.840.1.113730.3.4.17 | Real Attributes Only Control | | Yes | Yes | Yes | Yes | Supported if the remote LDAP servers that host the targeted entries also support the real attributes only control. |
| 2.16.840.1.113730.3.4.19 | Virtual Attributes Only Control | | Yes | Yes | Yes | Yes | Supported if the remote LDAP servers that host the targeted entries also support the virtual attributes only request control. |
| 2.16.840.1.113730.3.4.2 | ManageDsaIT | RFC3296 | Yes | Yes | Yes | Yes | |
| 2.16.840.1.113730.3.4.3 | Persistent Search Control | Draft | Yes | Yes | Yes | Yes | Supported if the remote LDAP servers that host the targeted entries also support the persistent search control. |
| 2.16.840.1.113730.3.4.9 | Virtual List View Control | Draft | Yes | No | Yes | Yes | Supported if all of the targeted entries are located on the same remote LDAP server, and that server supports virtual list view control. |
| 1.3.6.1.4.1.42.2.27.9.5.9 | CSN (Change Number Control) | | Yes | Yes | Yes | Yes | Dedicated to replication, appropriate for modifyRequest, delRequest, and modDNRequest LDAP messages. Required for the global index catalog. |
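
The conditions in the Notes column can be checked against what each remote server actually advertises. The following added example (not part of the Sun OpenDS documentation) parses root DSE LDIF dumps, keeps the controls that every backend lists in supportedControl, and then removes those that Table 8-2 marks as unsupported by the proxy or by the distribution algorithm. Function names, host labels and the sample LDIF are constructed, and requiring every backend to advertise a control is a conservative reading of "the remote LDAP servers that host the targeted entries".

```python
# Added example: function names, labels and LDIF samples are constructed.
NOT_VIA_PROXY = {"1.3.6.1.4.1.26027.1.5.2"}      # Replication Repair
NOT_VIA_DISTRIBUTION = {                          # "No" in the Distribution Algorithm column
    "1.2.840.113556.1.4.319",    # Page Results
    "1.2.840.113556.1.4.473",    # Server-side Sort
    "1.2.840.113556.1.4.805",    # Subtree Delete
    "2.16.840.1.113730.3.4.9",   # Virtual List View
}

def supported_controls(root_dse_ldif):
    """Return the supportedControl OIDs found in a root DSE LDIF dump."""
    lines = []
    for raw in root_dse_ldif.splitlines():
        # LDIF folding: a line starting with one space continues the previous line.
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    oids = set()
    for line in lines:
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "supportedcontrol":
            oids.add(value.strip())
    return oids

def usable_through_proxy(backends, distribution=False):
    """backends maps a label to that server's root DSE LDIF text."""
    if not backends:
        return set()
    common = set.intersection(*(supported_controls(t) for t in backends.values()))
    common -= NOT_VIA_PROXY
    if distribution:
        common -= NOT_VIA_DISTRIBUTION
    return common

# Constructed root DSE excerpts; the Proxy Authorization v2 value in OPENDS_DSE is folded.
OPENDS_DSE = ("dn:\nsupportedControl: 1.3.6.1.1.12\n"
              "supportedControl: 2.16.840.1.113730\n .3.4.18\n"
              "supportedControl: 2.16.840.1.113730.3.4.9\n"
              "supportedControl: 1.3.6.1.4.1.26027.1.5.2\n")
DSEE7_DSE = ("dn:\nsupportedControl: 2.16.840.1.113730.3.4.18\n"
             "supportedControl: 2.16.840.1.113730.3.4.9\n")
MIXED = {"opends-1": OPENDS_DSE, "dsee7-1": DSEE7_DSE}

if __name__ == "__main__":
    print(sorted(usable_through_proxy(MIXED)))
    print(sorted(usable_through_proxy(MIXED, distribution=True)))
```

In the mixed deployment the Assertion Control drops out because the constructed DSEE 7 backend does not advertise it, and Virtual List View drops out once the distribution algorithm is in use.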