Controls provide a mechanism whereby the semantics and arguments of existing LDAP operations may be extended. One or more controls may be attached to a single LDAP message. A control only affects the semantics of the message it is attached to. Controls sent by clients are termed request controls, and those sent by servers are termed response controls. OpenDJ software supports the following LDAP controls. Assertion Request Control LDAP controls Assertion Object Identifier: 1.3.6.1.1.12 RFC: RFC 4528 - Lightweight Directory Access Protocol (LDAP) Assertion Control Authorization Identity Request Control LDAP controls Authorization identity Object Identifier: 2.16.840.1.113730.3.4.16 RFC: RFC 3829 - Lightweight Directory Access Protocol (LDAP) Authorization Identity Request and Response Controls Authorization Identity Response Control LDAP controls Authorization identity Object Identifier: 2.16.840.1.113730.3.4.15 RFC: RFC 3829 - Lightweight Directory Access Protocol (LDAP) Authorization Identity Request and Response Controls Entry Change Notification Response Control LDAP controls Entry change notification Object Identifier: 2.16.840.1.113730.3.4.7 Internet-Draft: draft-ietf-ldapext-psearch - Persistent Search: A Simple LDAP Change Notification Mechanism Get Effective Rights Request Control LDAP controls Get effective rights Object Identifier: 1.3.6.1.4.1.42.2.27.9.5.2 Internet-Draft: draft-ietf-ldapext-acl-model - Access Control Model for LDAPv3 Manage DSAIT Request Control LDAP controls Manage DSAIT Object Identifier: 2.16.840.1.113730.3.4.2 RFC: RFC 3296 - Named Subordinate References in Lightweight Directory Access Protocol (LDAP) Directories Matched Values Request Control LDAP controls Matched values Object Identifier: 1.2.826.0.1.3344810.2.3 RFC: RFC 3876 - Returning Matched Values with the Lightweight Directory Access Protocol version 3 (LDAPv3) Password Expired Response Control LDAP controls Password expired Object Identifier: 2.16.840.1.113730.3.4.4 Internet-Draft: draft-vchu-ldap-pwd-policy - Password Policy for LDAP Directories Password Expiring Response Control LDAP controls Password expiring Object Identifier: 2.16.840.1.113730.3.4.5 Internet-Draft: draft-vchu-ldap-pwd-policy - Password Policy for LDAP Directories Password Policy Response Control LDAP controls Password policy Object Identifier: 1.3.6.1.4.1.42.2.27.8.5.1 Internet-Draft: draft-behera-ldap-password-policy - Password Policy for LDAP Directories Permissive Modify Request Control LDAP controls Permissive modify Object Identifier: 1.2.840.113556.1.4.1413 Microsoft defined this control that, "Allows an LDAP modify to work under less restrictive conditions. Without it, a delete will fail if an attribute done not exist, and an add will fail if an attribute already exists. No data is needed in this control." (source of quote) Persistent Search Request Control LDAP controls Persistent search Object Identifier: 2.16.840.1.113730.3.4.3 Internet-Draft: draft-ietf-ldapext-psearch - Persistent Search: A Simple LDAP Change Notification Mechanism Post-Read Request Control LDAP controls Post-read Object Identifier: 1.3.6.1.1.13.2 RFC: RFC 4527 - Lightweight Directory Access Protocol (LDAP) Read Entry Controls Post-Read Response Control LDAP controls Post-read Object Identifier: 1.3.6.1.1.13.2 RFC: RFC 4527 - Lightweight Directory Access Protocol (LDAP) Read Entry Controls Pre-Read Request Control LDAP controls Pre-read Object Identifier: 1.3.6.1.1.13.1 RFC: RFC 4527 - Lightweight Directory Access Protocol (LDAP) Read Entry Controls Pre-Read Response Control LDAP controls Pre-read Object Identifier: 1.3.6.1.1.13.1 RFC: RFC 4527 - Lightweight Directory Access Protocol (LDAP) Read Entry Controls Proxied Authorization v1 Request Control LDAP controls Proxied authorization Object Identifier: 2.16.840.1.113730.3.4.12 Internet-Draft: draft-weltman-ldapv3-proxy-04 - LDAP Proxied Authorization Control Proxied Authorization v2 Request Control LDAP controls Proxied authorization Object Identifier: 2.16.840.1.113730.3.4.18 RFC: RFC 4370 - Lightweight Directory Access Protocol (LDAP) Proxied Authorization Control Public Changelog Exchange Control LDAP controls Public changelog exchange Object Identifier: 1.3.6.1.4.1.26027.1.5.4 OpenDJ specific, for using the bookmark cookie when reading the external change log. Server Side Sort Request Control LDAP controls Server side sort Object Identifier: 1.2.840.113556.1.4.473 RFC: RFC 2891 - LDAP Control Extension for Server Side Sorting of Search Results Server Side Sort Response Control LDAP controls Server side sort Object Identifier: 1.2.840.113556.1.4.474 RFC: RFC 2891 - LDAP Control Extension for Server Side Sorting of Search Results Simple Paged Results Control LDAP controls Simple paged results Object Identifier: 1.2.840.113556.1.4.319 RFC: RFC 2696 - LDAP Control Extension for Simple Paged Results Manipulation Subentries Request Controls LDAP controls Subentries Object Identifier: 1.3.6.1.4.1.4203.1.10.1 RFC: Subentries in the Lightweight Directory Access Protocol (LDAP) Object Identifier: 1.3.6.1.4.1.7628.5.101.1 Internet-Draft: draft-ietf-ldup-subentry - LDAP Subentry Schema Subtree Delete Request Control LDAP controls Subtree delete Object Identifier: 1.2.840.113556.1.4.805 Internet-Draft: draft-armijo-ldap-treedelete - Tree Delete Control Virtual List View Request Control LDAP controls Virtual list view (browsing) Object Identifier: 2.16.840.1.113730.3.4.9 Internet-Draft: draft-ietf-ldapext-ldapv3-vlv - LDAP Extensions for Scrolling View Browsing of Search Results Virtual List View Response Control LDAP controls Virtual list view (browsing) Object Identifier: 2.16.840.1.113730.3.4.10 Internet-Draft: draft-ietf-ldapext-ldapv3-vlv - LDAP Extensions for Scrolling View Browsing of Search Results