authentication password syntax
authorization identity control
Common Development and Distribution License
deprecated password storage scheme
Directory Services Markup Language
entry change notification control
extensible match search filter
greater than or equal to search filter
less than or equal to search filter
Lightweight Directory Access Protocol
notice of disconnection unsolicited notification
Password Modify extended operation
Simple Authentication and Security Layer
virtual attributes only control
The LDAP extended operation provides a degree of extensibility to the LDAP protocol by allowing clients to request operations not defined in the core protocol specification. Examples of LDAP extended operations include:
This operation may be used to cancel a previously-requested operation.
This operation may be used to change a user password.
This operation may be used to initiate a secure communication channel over an existing connection.
This operation may be used to determine the authorization identity associated with the client connection.
The extended request protocol op is defined as follows:
ExtendedRequest ::= [APPLICATION 23] SEQUENCE { requestName [0] LDAPOID, requestValue [1] OCTET STRING OPTIONAL }
The elements of the extended request include:
The OID that is used to indicate the type of operation to perform.
An optional value containing additional information to use during the course of processing the request.
The response to an LDAP extended operation is defined as follows:
ExtendedResponse ::= [APPLICATION 24] SEQUENCE { COMPONENTS OF LDAPResult, responseName [10] LDAPOID OPTIONAL, responseValue [11] OCTET STRING OPTIONAL }
The extended response includes these elements:
The elements of the LDAP result object.
An optional OID used to indicate the type of response.
An optional encoded value with additional information to include in the response.