LDAP Dereference Control


LDAP Dereference Control SupportedControl allows a DUA to request the DSA to return specific attributes of Linked Attribute entries along with the link, under the assumption that this operation can be performed by the DSA in a more efficient manner than the DUA would itself by performing the complete sequence of required search operations.

LDAP Dereference Control is defined in Internet Draft LDAP Dereference Control which expired in 2009

2.2 Control Request#

The control type is deref-oid. The specification of the Dereference Control request is:
controlValue ::= SEQUENCE OF derefSpec DerefSpec

DerefSpec ::= SEQUENCE {
    derefAttr       attributeDescription,    ; with DN syntax
    attributes      AttributeList }

AttributeList ::= SEQUENCE OF attr AttributeDescription

The derefAttr must be be a DN and of DN Syntax (

Each derefSpec.derefAttr MUST be unique within controlValue.

2.3. Control Response#

The control type is deref-oid. The specification of the Dereference Control response is:
controlValue ::= SEQUENCE OF derefRes DerefRes

DerefRes ::= SEQUENCE {
    derefAttr       AttributeDescription,
    derefVal        LDAPDN,
    attrVals        [0] PartialAttributeList OPTIONAL }

PartialAttributeList ::= SEQUENCE OF
                        partialAttribute PartialAttribute

PartialAttribute is defined in RFC 4511; the definition is reported here for clarity:

PartialAttribute ::= SEQUENCE {
    type       AttributeDescription,
    vals       SET OF value AttributeValue }
If partialAttribute.vals is empty, the corresponding partialAttribute is omitted. If all partialAttribute.vals in attrVals are empty, that derefRes.attrVals is omitted.

LDAP Dereference Control This LDAP SupportedControl is currently implemented in OpenLDAP software using the temporary OID under OpenLDAP's experimental OID arc.

More Information#

There might be more information for this subject on one of the following: