JavaScript is required to for searching.
Skip Navigation Links
Exit Print View
Oracle Fusion Middleware Architecture Reference for Oracle Unified Directory 11g Release 1 (11.1.1)
Oracle Technology Network
Library
PDF
Print View
Feedback
search filter icon
search icon

Document Information

Preface

1.  Introduction

2.  The Directory Server Access Control Model

3.  Understanding the Directory Server Schema

4.  Directory Server Index Databases

5.  Directory Server Replication

6.  Directory Server Root Users and the Privilege Subsystem

7.  Supported Controls and Operations

Supported LDAP Controls

Supported Extended Operations

Supported LDAP Controls

A supported control is a mechanism for identifying the request controls supported by the Oracle Unified Directory. The OIDs of these controls are listed in the supportedControl attribute of the server's root DSE.

Table 7-1 lists the controls supported by the directory server.

If you have installed a proxy, refer to Table 7-2, which lists the controls supported by the Oracle Unified Directory proxy as well as by the remote LDAP servers.

Table 7-1 LDAP Controls Supported by the Directory Server

OID
LDAP Control
RFC or draft
1.2.826.0.1.3344810.2.3
Matched Values Control
RFC3876
1.2.840.113556.1.4.319
Page Results Control
RFC2696
1.2.840.113556.1.4.473
Server-side Sort Control
RFC2891
1.2.840.113556.1.4.805
Subtree Delete Control
Draft
1.3.6.1.1.12
Assertion Control
RFC4528
1.3.6.1.1.13.1
LDAP Pre-read Control
RFC4527
1.3.6.1.1.13.2
LDAP Post-read Control
RFC4527
1.3.6.1.4.1.26027.1.5.2
Replication Repair Control
1.3.6.1.4.1.4203.1.10.2
LDAP No-Op Control
Draft
1.3.6.1.4.1.42.2.27.8.5.1
Password Policy Control
Draft
1.3.6.1.4.1.42.2.27.9.5.2
Get Effective Rights Control
1.3.6.1.4.1.42.2.27.9.5.8
Account Usability Control
1.3.6.1.4.1.42.2.27.9.5.9
CSN (Change Number Control)
1.3.6.1.4.1.4203.1.10.1
LDAP Subentry Request Control
RFC3672
2.16.840.1.113730.3.4.4
Password Expired Control
2.16.840.1.113730.3.4.5
Password Expiration Warning Control
2.16.840.1.113730.3.4.12
Proxy Authorization v1 Control
Draft
2.16.840.1.113730.3.4.18
Proxy Authorization v2 Control
RFC4370
2.16.840.1.113730.3.4.16
Authorization Identity Request Control
RFC3829
2.16.840.1.113730.3.4.17
Real Attributes Only Control
2.16.840.1.113730.3.4.19
Virtual Attributes Only Control
2.16.840.1.113730.3.4.2
ManageDsaIT
RFC3296
2.16.840.1.113730.3.4.3
Persistent Search Control
Draft
2.16.840.1.113730.3.4.9
Virtual List View Control
Draft

Table 7-2 LDAP Controls Supported by the Proxy

OID
LDAP Control
RFC or draft
Supported by Proxy Workflow Element
Supported by Distribution Algorithm
Supported by remote ODSEE
Supported by remote Oracle Unified Directory directory server
Notes
1.2.826.0.1.3344810.2.3
Matched Values Control
RFC3876
Yes
Yes
No
Yes
1.2.840.113556.1.4.319
Page Results Control
RFC2696
Yes
No
No
Yes
1.2.840.113556.1.4.473
Server-side Sort Control
RFC2891
Yes
No
Yes
Yes
Supported if all targeted entries are on the same remote LDAP server, and that remote LDAP server supports server-side LDAP control.
1.2.840.113556.1.4.805
Subtree Delete Control
Draft
Yes
No
No
Yes
Supported if all targeted entries are on the same remote LDAP server, and that remote LDAP server supports subtree delete LDAP control. Not supported by the distribution algorithm because targeted entries can span multiple remote LDAP servers.
1.3.6.1.1.12
Assertion Control
RFC4528
Yes
Yes
No
Yes
Supported if the remote LDAP server that hosts the targeted entry also supports assertion control. Therefore not supported in Oracle Unified Directory proxy configurations where all remote LDAP servers run Oracle Directory Server Enterprise Edition.
1.3.6.1.1.13.1
LDAP Pre-read Control
RFC4527
Yes
Yes
Complies sufficiently for Oracle Unified Directory proxy to work
Yes
Supported if the remote LDAP servers that host the targeted entries also support LDAP pre-read control.

Required for the global index catalog. In Oracle Unified Directory directory servers, this control must be enabled.
1.3.6.1.1.13.2
LDAP Post-read Control
RFC4527
Yes
Yes
No
Yes
Supported if the remote LDAP servers that hosts the targeted entries also support LDAP post-read control. Therefore not supported in Oracle Unified Directory proxy configurations where all remote LDAP servers run Oracle Directory Server Enterprise Edition.

In Oracle Unified Directory directory servers, this control must be enabled.
1.3.6.1.4.1.26027.1.5.2
Replication Repair Control
No
No
No
Yes
Not supported by Oracle Unified Directory proxy. To repair data inconsistency across remote LDAP servers, bypass the proxy and send the control directly to the remote LDAP servers running Oracle Unified Directory. For remote LDAP servers running Oracle Directory Server Enterprise Edition, refer to the dsrepair command in the Oracle Directory Server Enterprise Edition documentation.
1.3.6.1.4.1.4203.1.10.2
LDAP No-Op Control
Draft
Yes
Yes
No
Yes
Supported if the remote LDAP servers that host the targeted entries also support the LDAP no-op control. Therefore not supported in Oracle Unified Directory proxy configurations where all remote LDAP servers run Oracle Directory Server Enterprise Edition.
1.3.6.1.4.1.42.2.27.8.5.1
Password Policy Control
Draft
Yes
Yes
Yes
Yes
1.3.6.1.4.1.42.2.27.9.5.2
Get Effective Rights Control
Yes
Yes
Yes
Yes
If this control is to be used by a configuration of the Oracle Unified Directory proxy where remote LDAP servers run Oracle Unified Directory, then the aclRights and aclRightsInfo controls need to be authorized in Oracle Unified Directory, if you have sufficient credentials.
1.3.6.1.4.1.42.2.27.9.5.8
Account Usability Control
Yes
Yes
Yes
Yes
1.3.6.1.4.1.4203.1.10.1
LDAP Subentry Request Control
RFC3672
Yes
Yes
No
Yes
Supported if the remote LDAP servers that host the targeted entries also support the LDAP sub-entry control.
2.16.840.1.113730.3.4.12
Proxy Authorization v1 Control
Draft
Yes
Yes
Yes
Yes
Supported if the remote LDAP servers that host the targeted entries also support the proxy-authorization v1 control. If the Oracle Unified Directory proxy is configured in this control mode, the remote LDAP server must also support the get effective rights control.
2.16.840.1.113730.3.4.18
Proxy Authorization v2 Control
RFC4370
Yes
Yes
Yes
Yes
Supported if the remote LDAP servers that host the targeted entries also support the proxy-authorization v2 control. If the Oracle Unified Directory proxy is configured in this control mode, the remote LDAP server must also support the get effective rights control.
2.16.840.1.113730.3.4.16
Authorization Identity Request Control
RFC3829
Yes
Yes
Yes
Yes
Supported if the remote LDAP server that hosts the target entry also supports the authorization identity request control.
2.16.840.1.113730.3.4.17
Real Attributes Only Control
Yes
Yes
Yes
Yes
Supported if the remote LDAP servers that host the targeted entries also support the real attributes only control.
2.16.840.1.113730.3.4.19
Virtual Attributes Only Control
Yes
Yes
Yes
Yes
Supported if the remote LDAP servers that host the targeted entries also support the virtual attributes only request control.
2.16.840.1.113730.3.4.2
ManageDsaIT
RFC3296
Yes
Yes
Yes
Yes
2.16.840.1.113730.3.4.3
Persistent Search Control
Draft
Yes
Yes
Yes
Yes
Supported if the remote LDAP servers that host the targeted entries also support the persistent search control.
2.16.840.1.113730.3.4.9
Virtual List View Control
Draft
Yes
No
Yes
Yes
Supported if all of the targeted entries are located on the same remote LDAP server, and that server supports virtual list view control.
1.3.6.1.4.1.42.2.27.9.5.9
CSN (Change Number Control)
Yes
Yes
Yes
Yes
Dedicated to replication, appropriate for modifyRequest, delRequest, and modDNRequest LDAP messages. Required for the global index catalog.
Copyright © 2006, 2011, Oracle and/or its affiliates. All rights reserved. Legal Notices
Previous Next