authentication password syntax
authorization identity control
Common Development and Distribution License
deprecated password storage scheme
Directory Services Markup Language
entry change notification control
extensible match search filter
greater than or equal to search filter
less than or equal to search filter
Lightweight Directory Access Protocol
notice of disconnection unsolicited notification
Password Modify extended operation
Simple Authentication and Security Layer
virtual attributes only control
An LDAP control is an element that may be included in an message. If it is included in a request message, it can be used to provide additional information about the way that the operation should be processed. If it is included in the response message, it can be used to provide additional information about the way the operation was processed.
Examples of LDAP controls include:
Account usability control - This is a pair of request and response controls that indicate whether an account is able to authenticate to the server.
Authorization identity control - This is a pair of request and response controls that may be used to determine the authorization identity for a user as part of a bind operation.
Entry change notification control - This is a control that is included in search result entry messages performed as part of a persistent search to indicate how an entry has been updated.
Get effective rights control - This is a request control that may be used to obtain information about what rights a user has for accessing a given entry.
LDAP assertion control - This is a request control that may be used to ensure that an operation is only processed if the target entry matches a given assertion filter.
LDAP no-op control - This is a request control that may be used to ensure that a write operation does not actually change any information in the server but attempts to determine whether the operation would otherwise be successful.
LDAP post-read control - This is a pair of request and response controls that may be used to retrieve an entry as it appeared immediately after performing an add, modify, or modify DN operation.
LDAP pre-read control - This is a pair of request and response controls that may be used to retrieve an entry as it appeared immediately before performing a delete, modify, or modify DN operation.
Manage DSA IT control - This is a request control that may be used to request that the server treat smart referrals as regular entries rather than as referrals.
Matched values control - This is a request control that may be used to request that entries returned from a search operation only include values matching a given filter.
Persistent search control - This is a request control that may be used to receive notification whenever an entry matching a given set of criteria is updated in the server.
Proxied authorization control - This is a request control that may be used to request that an operation be performed under the authorization of another user.
Server-side sort control - This is a request control that may be used to request that the server sort the results before returning them to the client.
Simple paged results control - This is a request control that may be used to request that the server retrieve only a subset of the results, and when used repeatedly can allow the client to page through the result set.
Virtual list view control - This is a pair of request and response controls that may be used to retrieve an arbitrary page of search results from the server.
An LDAP control is defined as follows:
Control ::= SEQUENCE { controlType LDAPOID, .... criticality BOOLEAN DEFAULT FALSE, .... controlValue OCTET STRING OPTIONAL }
A control includes these elements:
An OID that specifies the type of control.
A criticality, which indicates whether the control should be considered a critical part of the operation (i.e., if the server cannot process the control, the operation should fail).
An optional value, which can be used to provide additional information about the way the control should be processed.