The LDAP extended operation provides a degree of extensibility to the LDAP protocol by allowing clients to request operations not defined in the core protocol specification.
A server should advertise the extended operations it supports in the supportedExtension attribute of the rootDSE.
Examples of LDAP extended operations include:
- LDAP Cancel Extended Operation -- This operation may be used to cancel a previously-requested operation.
- Password Modify Extended Operation -- This operation may be used to change a user password.
- StartTLS -- This operation may be used to initiate a secure communication channel over an existing connection.
- Who Am I Extended Operation -- This operation may be used to determine the authorization identity associated with the client connection.
The extended request protocol op is defined as follows:
    ExtendedRequest ::= [APPLICATION 23] SEQUENCE {
         requestName      [0] LDAPOID,
         requestValue     [1] OCTET STRING OPTIONAL }
The elements of the extended request include:
- requestName - The OID that is used to indicate the type of operation to perform.
- requestValue - An optional value containing additional information to use during the course of processing the request.
The response to an Extended Request is an Extended Response.
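The structure above can be encoded and decoded directly, which is useful when identifying which extended operation a client requested in captured LDAP traffic. The following Python code is an added example, not part of the original page; it handles only the ExtendedRequest protocol op (not the enclosing LDAP Message), the function names are hypothetical, and the OIDs are the registered request names for the four operations listed above.

```python
# Added example: BER codec for the ExtendedRequest protocol op only.
KNOWN_OIDS = {
    "1.3.6.1.1.8": "Cancel",
    "1.3.6.1.4.1.4203.1.11.1": "Password Modify",
    "1.3.6.1.4.1.1466.20037": "StartTLS",
    "1.3.6.1.4.1.4203.1.11.3": "Who Am I",
}
TAG_REQUEST, TAG_NAME, TAG_VALUE = 0x77, 0x80, 0x81  # [APPLICATION 23], [0], [1]

def _tlv(tag, value):
    n = len(value)
    if n < 0x80:                      # short-form length
        return bytes([tag, n]) + value
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + value

def encode_extended_request(oid, value=None):
    body = _tlv(TAG_NAME, oid.encode("ascii"))  # LDAPOID: dotted string
    if value is not None:             # requestValue is OPTIONAL
        body += _tlv(TAG_VALUE, value)
    return _tlv(TAG_REQUEST, body)

def _read_tlv(buf, pos):              # returns (tag, value, next_pos)
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length >= 0x80:                # long-form length
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("indefinite or truncated length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("value overruns buffer")
    return tag, buf[pos:pos + length], pos + length

def decode_extended_request(buf):
    tag, body, end = _read_tlv(buf, 0)
    if tag != TAG_REQUEST or end != len(buf):
        raise ValueError("not a single ExtendedRequest")
    tag, name, pos = _read_tlv(body, 0)
    if tag != TAG_NAME:
        raise ValueError("requestName [0] missing")
    value = None
    if pos < len(body):
        tag, value, pos = _read_tlv(body, pos)
        if tag != TAG_VALUE or pos != len(body):
            raise ValueError("unexpected element after requestName")
    oid = name.decode("ascii")
    return oid, KNOWN_OIDS.get(oid, "unknown"), value
```

`decode_extended_request` returns the OID, the operation name if it is one of the four above, and the raw requestValue (or `None` when it is absent).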