Overview [1]#

The LDAP_SERVER_NOTIFICATION_OID control is used with an extended LDAP Asynchronous Operation search function to register the client to be notified when changes are made to an object in Microsoft Active Directory.

To use this control, set the members of the LDAPControl structure as follows:

PWCHAR ldctl_oid = LDAP_SERVER_NOTIFICATION_OID;
struct berval ldctl_value = {0, NULL};
BOOLEAN ldctl_iscritical;

Members#

• ldctl_oid - LDAP_SERVER_NOTIFICATION_OID, defined as "1.2.840.113556.1.4.528".
• ldctl_value - No data for this control. In the berval structure, set bv_len to zero and bv_val to NULL.
• ldctl_iscritical - Can be TRUE or FALSE depending on whether LDAP notification is critical to the application.

Remarks#

Notifications are Asynchronous Operations. The server sends SearchEntry responses, that contain the modified objects, to the client using the LDAPMessage ID of the original notification request. Notifications from this control may be canceled using the ldap_abandon function. For more information about Notifications in Active Directory, see Change Notifications in Active Directory.

Limitations of the Server Notification Control include:

• The filter, (objectclass = *), is the only filter allowed on a persistent search.
• Base, one-level, and subtree searches are allowed, but subtree searches must be rooted on a Naming Context.

The user application must have the proper directory service access rights to successfully use this control. The user application must have permission to read the objects that fall within the scope of the search function using this control. Any object that is not accessed with the proper permission will NOT generate a change notification when its contents are modified.

Requirements#

• Minimum supported client: Windows Vista
• Minimum supported server: Windows Server 2008

More Information#

• LDAP Extensions and Controls Listing

• [#1] - LDAP_SERVER_NOTIFICATION_OID control code - based on information obtained 2017-09-14-