Definition -- LDAP Control

An LDAP control is an element that may be included in an LDAP message. If it is included in a request message, it can be used to provide additional information about the way that the operation should be processed. If it is included in the response message, it can be used to provide additional information about the way the operation was processed.

Examples of LDAP controls include:

  • Account Usability Control – This is a pair of request and response controls that indicate whether an account is able to authenticate to the server.
  • Authorization Identity Control – This is a pair of request and response controls that may be used to determine the authorization identity for a user as part of a bind operation.
  • Entry Change Notification Control – This is a control that is included in search result entry messages returned as part of a persistent search to indicate how an entry has been updated.
  • Get Effective Rights Control – This is a request control that may be used to obtain information about what rights a user has for accessing a given entry.
  • LDAP Assertion Control – This is a request control that may be used to ensure that an operation is only processed if the target entry matches a given assertion filter.
  • LDAP No-Op Control – This is a request control that may be used to ensure that a write operation does not actually change any information in the server but attempts to determine whether the operation would otherwise be successful.
  • LDAP Post-Read Control – This is a pair of request and response controls that may be used to retrieve an entry as it appeared immediately after performing an add, modify, or modify DN operation.
  • LDAP Pre-Read Control – This is a pair of request and response controls that may be used to retrieve an entry as it appeared immediately before performing a delete, modify, or modify DN operation.
  • Manage DSA IT Control – This is a request control that may be used to request that the server treat smart referrals as regular entries rather than as referrals.
  • Matched Values Control – This is a request control that may be used to request that entries returned from a search operation only include values matching a given filter.
  • Persistent Search Control – This is a request control that may be used to receive notification whenever an entry matching a given set of criteria is updated in the server.
  • Proxied Authorization Control – This is a request control that may be used to request that an operation be performed under the authorization of another user.
  • Server-Side Sort Control – This is a request control that may be used to request that the server sort the results before returning them to the client.
  • Simple Paged Results Control – This is a request control that may be used to request that the server retrieve only a subset of the results, and when used repeatedly can allow the client to page through the result set.
  • Virtual List View Control – This is a pair of request and response controls that may be used to retrieve an arbitrary page of search results from the server.

An LDAP control is defined as follows:

        Control ::= SEQUENCE {
             controlType             LDAPOID,
             criticality             BOOLEAN DEFAULT FALSE,
             controlValue            OCTET STRING OPTIONAL } 

The elements of a control include:

  • An OID that specifies the type of control.
  • A criticality, which indicates whether the control should be considered a critical part of the operation (for example, if the control is critical and the server cannot process it, the operation should fail).
  • An optional value, which can be used to provide additional information about the way the control should be processed.
Copyright 1994-2009 Sun Microsystems, Inc.