Overview#

LDAP_SERVER_PERMISSIVE_MODIFY is a SupportedControl which was defined by Microsoft stating that it "Allows an LDAP modify to work under less restrictive conditions. Without it, a delete will fail if an attribute done not exist, and an add will fail if an attribute already exists. No data is needed in this control."

The Microsoft defined permissive modify request control. The OID for this control is 1.2.840.113556.1.4.1413, and it does not have a value.

This control can only be used with LDAP modify requests. It changes the behavior of the modify operation as follows:

  • Attempts to add an attribute value which already exists will be ignored and will not cause an AttributeValueExists error result to be returned.
  • Attempts to delete an attribute value which does not exist will be ignored and will not cause an NoSuchAttribute error result to be returned.

In other words, a modify request add modification ensures that the attribute contains the specified attribute value, and a delete modification ensures that the attribute does not contain the specified attribute value.

From what we can tell, this is passed in a Modify Request and there is no expected response.

Other LDAP Server Implementations #

We have discovered that the following support this control:

More Information#

There might be more information for this subject on one of the following:

Add new attachment

Only authorized users are allowed to upload new attachments.
« This page (revision-4) was last changed on 17-Dec-2014 19:33 by jim