Overview#LDAP_SERVER_PERMISSIVE_MODIFY is a SupportedControl which was defined by Microsoft stating that it "Allows an LDAP modify to work under less restrictive conditions. Without it, a delete will fail if an attribute done not exist, and an add will fail if an attribute already exists. No data is needed in this control."
This control can only be used with LDAP Modify Requests and changes the behavior of the modify operation as follows:
- Modify Request attempts to add an Attribute Value which already exists will be ignored and will not cause an LDAP_TYPE_OR_VALUE_EXISTS error result to be returned.
- Modify Request attempts to delete an Attribute Value which does not exist will be ignored and will not cause an LDAP_NO_SUCH_ATTRIBUTE error result to be returned.
In other words, a Modify Request add modification ensures that the attribute contains the specified attribute value, and a delete modification ensures that the attribute does not contain the specified attribute value.