LDAP Modify-Increment Extension


LDAP Modify-Increment Extension is defined in RFC 4525 as a supportedExtension to the Lightweight Directory Access Protocol (LDAP) Modify Request. It adds an increment capability as an LDAP ModifyRequest operation.

LDAP Modify-Increment Extension is useful in provisioning applications especially when combined with the LDAP Assertion Control and/or the LDAP Pre-Read Control or LDAP Post-Read Control.

LDAP Modify-Increment Extension extends the LDAP Modify request to support an increment values capability. Implementations of LDAP Modify-Increment Extension SHALL support an additional Modify Request operation enumeration value, increment, as described herein. Implementations not supporting LDAP Modify-Increment Extension will treat this value as they would any unlisted value, that is, as a protocol error.

If the Modify Request type is increment, then there must be an attribute description with exactly one value, and that value must be a positive or negative integer. The target attribute must exist in the entry with exactly one value, and that value must be an integer. The increment operation will update the specified attribute so that its new value will be the sum of the provided value and the existing value.

The increment Modify Request operation value specifies that an increment values modification is requested. All existing values of the modification attribute are to be incremented by the listed value. The modification attribute must be appropriate for the request (e.g., it must have INTEGER or other increment-able values), and the modification must provide one and only one value. If the attribute is not appropriate for the request, an LDAP_CONSTRAINT_VIOLATION or other appropriate error is to be returned.

If multiple values are provided, an LDAP_PROTOCOL_ERROR is to be returned.

LDAP Server Implementations supporting this feature SHOULD publish the object identifier (OID) as a value of the 'SupportedFeatures' (RFC 4512) attribute in the Root DSE. Clients supporting this feature SHOULD NOT use the feature unless they know the server supports it.

LDIF Support

To represent Modify-Increment requests in LDAP Data Interchange Format (RFC 2849), the ABNF (RFC 4234) production <mod-spec> is extended as follows:

    mod-spec =/ "increment:" FILL AttributeDescription SEP
      attrval-spec "-" SEP

The LDIF example:

    # Increment uidNumber
    dn: cn=max-assigned uidNumber,dc=example,dc=com
    changetype: modify
    increment: uidNumber
    uidNumber: 1
    -

This LDIF fragment represents a Modify request to increment the value(s) of uidNumber by 1.
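The validation rules and the LDIF form described above can be modelled against an in-memory entry. This is an added example, not code from RFC 4525 or from Ldapwiki: the function names and the sample entry are constructed, and returning LDAP_NO_SUCH_ATTRIBUTE for a missing target attribute is an assumption (the page names only LDAP_CONSTRAINT_VIOLATION and LDAP_PROTOCOL_ERROR).

```python
# Added example: in-memory model of the "increment" mod-spec, not a real LDAP server.
import copy

def parse_increment_ldif(text):
    """Parse one LDIF modify record; return (dn, [(attr, [values]), ...])."""
    lines = [l for l in text.strip().splitlines() if not l.startswith("#")]
    dn = lines[0].split(":", 1)[1].strip()
    if lines[1].replace(" ", "") != "changetype:modify":
        raise ValueError("only changetype: modify is handled")
    mods, current = [], None
    for line in lines[2:]:
        if line.strip() == "-":            # "-" SEP closes a mod-spec
            current = None
            continue
        key, value = (p.strip() for p in line.split(":", 1))
        if key == "increment":             # "increment:" FILL AttributeDescription
            current = (value, [])
            mods.append(current)
        elif current and key == current[0]:
            current[1].append(value)       # attrval-spec for the named attribute
        else:
            raise ValueError("unexpected line: " + line)
    return dn, mods

def apply_increment(entry, mods):
    """Apply increment mods all-or-nothing; return (result_code, resulting_entry)."""
    work = copy.deepcopy(entry)            # the caller's entry is never half-updated
    for attr, values in mods:
        if len(values) != 1:               # one and only one value may be provided
            return "LDAP_PROTOCOL_ERROR", entry
        if attr not in work:               # assumption: result code for a missing attribute
            return "LDAP_NO_SUCH_ATTRIBUTE", entry
        try:
            delta = int(values[0])         # positive or negative integer
            work[attr] = [str(int(v) + delta) for v in work[attr]]
        except ValueError:                 # attribute or value is not increment-able
            return "LDAP_CONSTRAINT_VIOLATION", entry
    return "LDAP_SUCCESS", work

# Constructed sample: the LDIF from this page plus a constructed counter entry.
SAMPLE_LDIF = """\
# Increment uidNumber
dn: cn=max-assigned uidNumber,dc=example,dc=com
changetype: modify
increment: uidNumber
uidNumber: 1
-
"""
SAMPLE_ENTRY = {"cn": ["max-assigned uidNumber"], "uidNumber": ["1000"]}
```

Calling `apply_increment(SAMPLE_ENTRY, parse_increment_ldif(SAMPLE_LDIF)[1])` returns the success code together with a copy of the entry whose uidNumber is 1001; on any error the original entry is returned unchanged.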

We at Ldapwiki found the wording in RFC 4525 to be very interesting: "Servers supporting this feature SHOULD publish the object identifier (OID) as a value of the 'supportedFeatures' RFC 4512 attribute in the root DSE." Why as a SupportedFeature when it is a SupportedExtension?

As near as we can tell, this implies the same OID should be listed in both. RFC 4511, in section 4.12 (Extended Operation), states: "Servers list the requestName of Extended Requests they recognize in the 'supportedExtension' attribute in the root DSE (Section 5.1 of RFC4512)"
