Previous | Next | Trail Map | Tips for LDAP Users | Contents

Controls and Extensions

The LDAP v3 was designed with extensibility in mind. It is extensible in two ways: by using controls and by using extensions.


The LDAP v3 allows the behavior of any operation to be modified through the use of controls. Any number of controls may be sent along with an LDAP request, and any number of controls may be returned with its results. For example, you can send a Sort control along with a "search" operation that tells the server to sort the results of the search according to the "name" attribute. Controls can be standard or proprietary.

The Controls sections of this lesson describe controls in detail and gives examples of how to use some of the more popular controls.


In addition to the repertoire of predefined operations, such as "search" and "modify," the LDAP v3 defines an "extended" operation. The "extended" operation takes a request as the argument and returns a response. The request contains an identifier that identifies the request and the arguments of the request, and the response contains the results of performing the request. The pair of extended operation request/response is called an extension. For example, an extension is possible for Start TLS, which is a request for the client to the server to activate the TLS protocol. These extensions can be standard (defined by the LDAP community) or proprietary (defined by a particular directory vendor). The Extensions section of this lesson describes extensions in more detail.

The javax.naming.ldap Package

Controls and extensions are supported by classes and interfaces in the javax.naming.ldap(in the API reference documentation) package. The core interface in this package is LdapContext(in the API reference documentation), which defines methods on a context for performing "extended" operations and handling controls. The rest of the package contains classes and interfaces for representing controls and extensions.

Software Requirements: When using the controls examples in this lesson, you need the ldapbp.jar archive file in addition to the software requirements listed in the Preparations (in the Basics trail) lesson. This file can be downloaded as part of the LDAP service provider from the JNDI Web site.

When using the Start TLS extension examples in this lesson, you need the Java 2 SDK, v1.4.

Server Requirements: The examples in this lesson depend on server support for certain features. Specifically, they use the Sort control, the Virtual List View control, and the Start TLS extension. The SunONE Directory Server v5 supports all of these features, although it supports the Virtual List View control only for authenticated clients.

Previous | Next | Trail Map | Tips for LDAP Users | Contents