Skip Headers
Oracle® Fusion Middleware Administrator's Guide for Oracle Unified Directory
11g Release 2 (11.1.2)

Part Number E22648-05
Go to Documentation Home
Home
Go to Table of Contents
Contents
Go to Feedback page
Contact Us

Go to previous page
Previous
Go to next page
Next
PDF · Mobi · ePub

B Supported Controls and Operations

The Oracle Unified Directory supports a number of standard LDAP controls and extended operations. The following sections list these controls and extended operations.

For information about using the LDAP controls, see Section 17.5.3, "Searching Using Controls".

B.1 Supported LDAP Controls

A supported control is a mechanism for identifying the request control supported by the Oracle Unified Directory. The object identifier of these controls are listed in the supportedControl attribute of the server's root DSE.

Table B-1 lists the controls supported by the directory server.

If you have installed a proxy instance, refer to Table B-2, which lists the controls supported by the proxy as well as by the remote LDAP servers.

Table B-1 LDAP Controls Supported by the Directory Server

OID LDAP Control RFC or draft

1.2.826.0.1.3344810.2.3

Matched Values Control

RFC3876

1.2.840.113556.1.4.319

Page Results Control

RFC2696

1.2.840.113556.1.4.473

Server-side Sort Control

RFC2891

1.2.840.113556.1.4.805

Subtree Delete Control

Draft

1.3.6.1.1.12

Assertion Control

RFC4528

1.3.6.1.1.13.1

LDAP Pre-read Control

RFC4527

1.3.6.1.1.13.2

LDAP Post-read Control

RFC4527

1.3.6.1.4.1.26027.1.5.2

Replication Repair Control

 

1.3.6.1.4.1.4203.1.10.2

LDAP No-Op Control

Draft

1.3.6.1.4.1.42.2.27.8.5.1

Password Policy Control

Draft

1.3.6.1.4.1.42.2.27.9.5.2

Get Effective Rights Control

 

1.3.6.1.4.1.42.2.27.9.5.8

Account Usability Control

 

1.3.6.1.4.1.42.2.27.9.5.9

CSN (Change Number Control)

 

1.3.6.1.4.1.4203.1.10.1

LDAP Subentry Request Control

RFC3672

2.16.840.1.113730.3.4.4

Password Expired Control

 

2.16.840.1.113730.3.4.5

Password Expiration Warning Control

 

2.16.840.1.113730.3.4.12

Proxy Authorization v1 Control

Draft

2.16.840.1.113730.3.4.18

Proxy Authorization v2 Control

RFC4370

2.16.840.1.113730.3.4.16

Authorization Identity Request Control

RFC3829

2.16.840.1.113730.3.4.17

Real Attributes Only Control

 

2.16.840.1.113730.3.4.19

Virtual Attributes Only Control

 

2.16.840.1.113730.3.4.2

ManageDsaIT

RFC3296

2.16.840.1.113730.3.4.3

Persistent Search Control

Draft

2.16.840.1.113730.3.4.9

Virtual List View Control

Draft

2.16.840.1.113894.1.8.21

OID Search Count Request Control

 

Table B-2 LDAP Controls Supported by the Proxy

OID LDAP Control RFC or draft Supported by Proxy Workflow Element Supported by Distribution Algorithm Supported by remote ODSEE Supported by remote Oracle Unified Directory directory server Notes

1.2.826.0.1.3344810.2.3

Matched Values Control

RFC3876

Yes

Yes

No

Yes

 

1.2.840.113556.1.4.319

Page Results Control

RFC2696

Yes

No

No

Yes

 

1.2.840.113556.1.4.473

Server-side Sort Control

RFC2891

Yes

No

Yes

Yes

Supported if all targeted entries are on the same remote LDAP server, and that remote LDAP server supports server-side LDAP control.

1.2.840.113556.1.4.805

Subtree Delete Control

Draft

Yes

No

No

Yes

Supported if all targeted entries are on the same remote LDAP server, and that remote LDAP server supports subtree delete LDAP control. Not supported by the distribution algorithm because targeted entries can span multiple remote LDAP servers.

1.3.6.1.1.12

Assertion Control

RFC4528

Yes

Yes

No

Yes

Supported if the remote LDAP server that hosts the targeted entry also supports assertion control. Therefore not supported in proxy configurations where all remote LDAP servers run Oracle Directory Server Enterprise Edition.

1.3.6.1.1.13.1

LDAP Pre-read Control

RFC4527

Yes

Yes

Complies sufficiently for the proxy to work

Yes

Supported if the remote LDAP servers that host the targeted entries also support LDAP pre-read control.

Required for the global index catalog. In Oracle Unified Directory directory servers, this control must be enabled.

1.3.6.1.1.13.2

LDAP Post-read Control

RFC4527

Yes

Yes

No

Yes

Supported if the remote LDAP servers that hosts the targeted entries also support LDAP post-read control. Therefore not supported in proxy configurations where all remote LDAP servers run Oracle Directory Server Enterprise Edition.

In Oracle Unified Directory directory servers, this control must be enabled.

1.3.6.1.4.1.26027.1.5.2

Replication Repair Control

 

No

No

No

Yes

Not supported by the proxy. To repair data inconsistency across remote LDAP servers, bypass the proxy and send the control directly to the remote LDAP servers running Oracle Unified Directory. For remote LDAP servers running Oracle Directory Server Enterprise Edition, refer to the dsrepair command in the Oracle Directory Server Enterprise Edition documentation.

1.3.6.1.4.1.4203.1.10.2

LDAP No-Op Control

Draft

Yes

Yes

No

Yes

Supported if the remote LDAP servers that host the targeted entries also support the LDAP no-op control. Therefore not supported in proxy configurations where all remote LDAP servers run Oracle Directory Server Enterprise Edition.

1.3.6.1.4.1.42.2.27.8.5.1

Password Policy Control

Draft

Yes

Yes

Yes

Yes

 

1.3.6.1.4.1.42.2.27.9.5.2

Get Effective Rights Control

 

Yes

Yes

Yes

Yes

If this control is to be used by a configuration of the proxy where remote LDAP servers run Oracle Unified Directory, then the aclRights and aclRightsInfo controls need to be authorized in Oracle Unified Directory, if you have sufficient credentials.

1.3.6.1.4.1.42.2.27.9.5.8

Account Usability Control

 

Yes

Yes

Yes

Yes

 

1.3.6.1.4.1.4203.1.10.1

LDAP Subentry Request Control

RFC3672

Yes

Yes

No

Yes

Supported if the remote LDAP servers that host the targeted entries also support the LDAP sub-entry control.

2.16.840.1.113730.3.4.12

Proxy Authorization v1 Control

Draft

Yes

Yes

Yes

Yes

Supported if the remote LDAP servers that host the targeted entries also support the proxy-authorization v1 control. If the proxy is configured in this control mode, the remote LDAP server must also support the get effective rights control.

2.16.840.1.113730.3.4.18

Proxy Authorization v2 Control

RFC4370

Yes

Yes

Yes

Yes

Supported if the remote LDAP servers that host the targeted entries also support the proxy-authorization v2 control. If the proxy is configured in this control mode, the remote LDAP server must also support the get effective rights control.

2.16.840.1.113730.3.4.16

Authorization Identity Request Control

RFC3829

Yes

Yes

Yes

Yes

Supported if the remote LDAP server that hosts the target entry also supports the authorization identity request control.

2.16.840.1.113730.3.4.17

Real Attributes Only Control

 

Yes

Yes

Yes

Yes

Supported if the remote LDAP servers that host the targeted entries also support the real attributes only control.

2.16.840.1.113730.3.4.19

Virtual Attributes Only Control

 

Yes

Yes

Yes

Yes

Supported if the remote LDAP servers that host the targeted entries also support the virtual attributes only request control.

2.16.840.1.113730.3.4.2

ManageDsaIT

RFC3296

Yes

Yes

Yes

Yes

 

2.16.840.1.113730.3.4.3

Persistent Search Control

Draft

Yes

Yes

Yes

Yes

Supported if the remote LDAP servers that host the targeted entries also support the persistent search control.

2.16.840.1.113730.3.4.9

Virtual List View Control

Draft

Yes

No

Yes

Yes

Supported if all of the targeted entries are located on the same remote LDAP server, and that server supports virtual list view control.

1.3.6.1.4.1.42.2.27.9.5.9

CSN (Change Number Control)

 

Yes

Yes

Yes

Yes

Dedicated to replication, appropriate for modifyRequest, delRequest, and modDNRequest LDAP messages. Required for the global index catalog.


B.2 Supported Extended Operations

A supported extension is a mechanism for identifying the extended operation supported by the Oracle Unified Directory. The object identifier of these extended operations are listed in the supportedExtension attribute of the server's root DSE.

The supported extensions for the Oracle Unified Directory include:

1.3.6.1.1.8

The cancel extended operation

1.3.6.1.4.1.1466.20037

The StartTLS extended operation

1.3.6.1.4.1.26027.1.6.1

The Password Policy State extended operation

1.3.6.1.4.1.26027.1.6.2

The Get Connection ID extended operation

1.3.6.1.4.1.26027.1.6.3

The Get Symmetric Key extended operation

1.3.6.1.4.1.4203.1.11.1

The Password Modify extended operation

1.3.6.1.4.1.4203.1.11.3

The "Who Am I?" extended operation