Overview#

An LDAP control is an element that may be included in an LDAP Message. If it is included in a request message, it can be used to provide additional information about the way that the operation should be processed. If it is included in the response message, it can be used to provide additional information about the way the operation was processed.

The SupportedControl by a particular LDAP server can be obtained by querying the RootDSE.

Examples of LDAP controls include:

  • Account Usability Request Control -- This is a pair of request and response controls that indicate whether an account is able to authenticate to the server.
  • Authorization Identity Request Control -- This is a pair of request and response controls that may be used to determine the authorization identity for a user as part of a bind operation.
  • Entry Change Notification Control -- This is a control that is included in search result entry messages performed as part of a persistent search to indicate how an entry has been updated.
  • Get Effective Rights Control -- This is a request control that may be used to obtain information about what rights a user has for accessing a given entry.
  • LDAP Assertion Control -- This is a request control that may be used to ensure that an operation is only processed if the target entry matches a given assertion filter.
  • LDAP No-Op Control -- This is a request control that may be used to ensure that a write operation does not actually change any information in the server but attempts to determine whether the operation would otherwise be successful.
  • LDAP Post-Read Control -- This is a pair of request and response controls that may be used to retrieve an entry as it appeared immediately after performing an add, modify, or modify DN operation.
  • LDAP Pre-Read Control -- This is a pair of request and response controls that may be used to retrieve an entry as it appeared immediately before performing a delete, modify, or modify DN operation.
  • Manage DSA IT Control -- This is a request control that may be used to request that the server treat smart referrals as regular entries rather than as referrals.
  • Matched Values Control -- This is a request control that may be used to request that entries returned from a search operation only include values matching a given filter.
  • Persistent Search Control -- This is a request control that may be used to receive notification whenever an entry matching a given set of criteria is updated in the server.
  • Proxied Authorization Control -- This is a request control that may be used to request that an operation be performed under the authorization of another user.
  • Server Side Sort Control -- This is a request control that may be used to request that the server sort the results before returning them to the client.
  • Simple Paged Results Control -- This is a request control that may be used to request that the server retrieve only a subset of the results, and when used repeatedly can allow the client to page through the result set.
  • Virtual List View Control -- This is a pair of request and response controls that may be used to retrieve an arbitrary page of search results from the server.
  • LDAP Extensions and Controls Listing - A perhaps more complete listing of SupportedControl values.

We have an extensive LDAP Extensions and Controls Listing.

Definition#

An LDAP control is defined as follows:
        Control ::= SEQUENCE {
             controlType             LDAPOID,
             criticality             BOOLEAN DEFAULT FALSE,
             controlValue            OCTET STRING OPTIONAL } 

The elements of a control include:

Searching Using Controls#

You can enhance an LDAP search by Searching Using Controls

eDirectory LDAP Virtual List View and Server Side Sort Controls#

More Information#

There might be more information for this subject on one of the following:

Add new attachment

Only authorized users are allowed to upload new attachments.
« This page (revision-39) was last changed on 16-Dec-2016 09:24 by jim