The LDAP extended operation provides a degree of extensibility to the LDAP protocol by allowing clients to request operations not defined in the core protocol specification.

A server should display the supported Extensions within the rootDSE as a supportedExtension.

Examples of LDAP extended operations include:

• LDAP Cancel Extended Operation -- This operation may be used to cancel a previously-requested operation.
• Password Modify Extended Operation -- This operation may be used to change a user password.
• StartTLS -- This operation may be used to initiate a secure communication channel over an existing connection.
• Who Am I Extended Operation -- This operation may be used to determine the authorization identity associated with the client connection.

The extended request protocol op is defined as follows:

ExtendedRequest ::= [APPLICATION 23] SEQUENCE {
    requestName      [0] LDAPOID,
    requestValue     [1] OCTET STRING OPTIONAL } 

The elements of the extended request include:

• requestName - The OID that is used to indicate the type of operation to perform.
• requestValue - An optional value containing additional information to use during the course of processing the request.

The response to an Extended Request is a Extended Response

More Information#

There might be more information for this subject on one of the following:

• Access Log
• Asynchronous Operation
• Bulk Update-Replication Protocol
• CreateGroupingRequest
• Differences between LDAP 2 and 3 Protocols
• End Transaction Request
• EndGroupingRequest
• Extended Request
• Extended Response
• LDAP Message
• NMAS Get Password Request
• OID
• RequestName
• RequestValue
• Start Transaction Request
• StartTLS
• SupportedExtension
• Unsolicited Notification