jspωiki
LDAP_SERVER_SD_FLAGS_OID
Your trail: 

Overview#

LDAP_SERVER_SD_FLAGS_OID (1.2.840.113556.1.4.801) is a SupportedControl for Microsoft Active Directory and used is used with an LDAP SearchRequest to control the portion of a Windows Security Descriptor to retrieve.

Typically a Domain Controller returns only the specified portion of the Security Descriptor. It is also used with LDAP Add Request and Modify Request to control the portion of a Windows security descriptor to modify.

When sending this control to the DC, the controlValue field is set to the BER encoding of the following ASN.1 structure. 

SDFlagsRequestValue ::= SEQUENCE {
     Flags    INTEGER
}
The value of the control is an integer, which is used to identify which Security Descriptor (SD) parts the client intends to read or modify. When the control is not specified, the default value of 15 (0x0000000F) is used.

The Security Descriptor parts are identified using the following bit values:

If the LDAP_SERVER_SD_FLAGS_OID control is present in an LDAP SearchRequest, the server returns an Security Descriptor with the parts specified in the control when:

  • the Security Descriptor attribute name is explicitly mentioned in the requested attribute list
  • the requested attribute list is empty
  • all attributes are requested (RFC 2251 section 4.5.1).
Without the presence of this control, the server returns an Security Descriptor only when the Security Descriptor attribute name is explicitly mentioned in the requested attribute list.

For Modify Request operations, the bits identify which Security Descriptor parts are affected by the operation.

The client might supply values for other (or all) Security Descriptor fields. However, the server only updates the fields that are identified by the LDAP_SERVER_SD_FLAGS_OID control. The remaining fields are ignored.
When performing an LDAP Add Request operation, the client can supply an Security Descriptor flags control with the operation; however, it will be ignored by the server.

More Information#

There might be more information for this subject on one of the following:

This page (revision-7) was last changed on 28-Feb-2019 09:39 by jim Top

Main page
About
Recent Changes
Tools Page

Lead Pages#

WikiEtiquette
Find pages
Unused pages
Undefined pages
Page Index
News


Site Maintained By -jim

Costs of Wiki

Donations#

If you like Ldapwiki, please consider a donation.

Donation for LDAPWiki


Active Sessions42
Uptime60d, 2h 39m 42s
Number of pages15413

JSPWiki v2.10.1
jspωiki
Please see our Copyright And Intellectual Property Page and Standard Disclaimer Pages!
JSPWiki v2.10.1