LDAP ControlsControls provide a mechanism whereby the semantics and arguments of
existing LDAP operations may be extended. One or more controls may be
attached to a single LDAP message. A control only affects the semantics of
the message it is attached to. Controls sent by clients are termed
request controls, and those sent by servers are termed
response controls.OpenDJ software supports the following LDAP controls.Assertion Request ControlObject Identifier: 1.3.6.1.1.12RFC: RFC 4528
- Lightweight Directory Access Protocol (LDAP) Assertion Control
Authorization Identity Request ControlObject Identifier: 2.16.840.1.113730.3.4.16RFC: RFC 3829
- Lightweight Directory Access Protocol (LDAP) Authorization Identity
Request and Response ControlsAuthorization Identity Response ControlObject Identifier: 2.16.840.1.113730.3.4.15RFC: RFC 3829
- Lightweight Directory Access Protocol (LDAP) Authorization Identity
Request and Response ControlsEntry Change Notification Response ControlObject Identifier: 2.16.840.1.113730.3.4.7Internet-Draft: draft-ietf-ldapext-psearch - Persistent Search: A Simple LDAP Change
Notification MechanismGet Effective Rights Request ControlObject Identifier: 1.3.6.1.4.1.42.2.27.9.5.2Internet-Draft: draft-ietf-ldapext-acl-model - Access Control Model for LDAPv3
Manage DSAIT Request ControlObject Identifier: 2.16.840.1.113730.3.4.2RFC: RFC 3296
- Named Subordinate References in Lightweight Directory Access Protocol
(LDAP) DirectoriesMatched Values Request ControlObject Identifier: 1.2.826.0.1.3344810.2.3RFC: RFC 3876
- Returning Matched Values with the Lightweight Directory Access Protocol
version 3 (LDAPv3)Password Expired Response ControlObject Identifier: 2.16.840.1.113730.3.4.4Internet-Draft: draft-vchu-ldap-pwd-policy - Password Policy for LDAP Directories
Password Expiring Response ControlObject Identifier: 2.16.840.1.113730.3.4.5Internet-Draft: draft-vchu-ldap-pwd-policy - Password Policy for LDAP Directories
Password Policy Response ControlObject Identifier: 1.3.6.1.4.1.42.2.27.8.5.1Internet-Draft: draft-behera-ldap-password-policy - Password Policy for LDAP
DirectoriesPermissive Modify Request ControlObject Identifier: 1.2.840.113556.1.4.1413Microsoft defined this control that, "Allows an LDAP modify to work
under less restrictive conditions. Without it, a delete will fail if an
attribute done not exist, and an add will fail if an attribute already
exists. No data is needed in this control." (source of quote)Persistent Search Request ControlObject Identifier: 2.16.840.1.113730.3.4.3Internet-Draft:
draft-ietf-ldapext-psearch - Persistent Search: A Simple LDAP Change
Notification MechanismPost-Read Request ControlObject Identifier: 1.3.6.1.1.13.2RFC: RFC 4527
- Lightweight Directory Access Protocol (LDAP) Read Entry Controls
Post-Read Response ControlObject Identifier: 1.3.6.1.1.13.2RFC: RFC 4527
- Lightweight Directory Access Protocol (LDAP) Read Entry Controls
Pre-Read Request ControlObject Identifier: 1.3.6.1.1.13.1RFC: RFC 4527
- Lightweight Directory Access Protocol (LDAP) Read Entry Controls
Pre-Read Response ControlObject Identifier: 1.3.6.1.1.13.1RFC: RFC 4527
- Lightweight Directory Access Protocol (LDAP) Read Entry Controls
Proxied Authorization v1 Request ControlObject Identifier: 2.16.840.1.113730.3.4.12Internet-Draft: draft-weltman-ldapv3-proxy-04 - LDAP Proxied Authorization Control
Proxied Authorization v2 Request ControlObject Identifier: 2.16.840.1.113730.3.4.18RFC: RFC 4370
- Lightweight Directory Access Protocol (LDAP) Proxied Authorization
ControlServer Side Sort Request ControlObject Identifier: 1.2.840.113556.1.4.473RFC: RFC 2891
- LDAP Control Extension for Server Side Sorting of Search Results
Server Side Sort Response ControlObject Identifier: 1.2.840.113556.1.4.474RFC: RFC 2891
- LDAP Control Extension for Server Side Sorting of Search Results
Simple Paged Results ControlObject Identifier: 1.2.840.113556.1.4.319RFC: RFC 2696
- LDAP Control Extension for Simple Paged Results Manipulation
Sub-entries Request ControlObject Identifier: 1.3.6.1.4.1.7628.5.101.1Internet-Draft: draft-ietf-ldup-subentry - LDAP Subentry SchemaSubtree Delete Request ControlObject Identifier: 1.2.840.113556.1.4.805Internet-Draft: draft-armijo-ldap-treedelete - Tree Delete ControlVirtual List View Request ControlObject Identifier: 2.16.840.1.113730.3.4.9Internet-Draft: draft-ietf-ldapext-ldapv3-vlv - LDAP Extensions for Scrolling View
Browsing of Search ResultsVirtual List View Response ControlObject Identifier: 2.16.840.1.113730.3.4.10Internet-Draft: draft-ietf-ldapext-ldapv3-vlv - LDAP Extensions for Scrolling View
Browsing of Search Results