The LDAP v3 protocol (documented in RFC 2251, "Lightweight Directory Access Protocol (v3)") allows clients and servers to use controls as a mechanism for extending an LDAP operation. A control is a way to specify additional information as part of a request and a response.
For example, a client can send a control to a server as part of a search request to indicate that the server should sort the search results before sending the results back to the client.
Servers can also send controls back to clients. For example, the Netscape Directory Server sends a control back to a client during the authentication process if the client's password has expired or is going to expire.
A control specifies the following information:
The OID identifies the control. If you plan to use a control, you need to make sure that the server supports the control. (See "Determining the Controls Supported By the Server" for details.)
When your client includes a control in a request for an LDAP operation, the server may respond in one of the following ways:
Note that servers can also send controls back to clients.
There are two types of controls:
The next section describes how controls are implemented in the LDAP Java classes and which classes and methods you can use to create, send, and parse data from LDAP controls.
|