LDAP ControlsControls provide a mechanism whereby the semantics and arguments of
existing LDAP operations may be extended. One or more controls may be
attached to a single LDAP message. A control only affects the semantics of
the message it is attached to. Controls sent by clients are termed
request controls, and those sent by servers are termed
response controls.OpenDJ software supports the following LDAP controls.Account Usability ControlLDAP controlsAccount usabilityObject Identifier: 1.3.6.1.4.1.42.2.27.9.5.8Control originally provided by Sun Microsystems, used to determine
whether a user account can be used to authenticate to the directory.Assertion Request ControlLDAP controlsAssertionObject Identifier: 1.3.6.1.1.12RFC: RFC 4528
- Lightweight Directory Access Protocol (LDAP) Assertion Control
Authorization Identity Request ControlLDAP controlsAuthorization identityObject Identifier: 2.16.840.1.113730.3.4.16RFC: RFC 3829
- Lightweight Directory Access Protocol (LDAP) Authorization Identity
Request and Response ControlsAuthorization Identity Response ControlLDAP controlsAuthorization identityObject Identifier: 2.16.840.1.113730.3.4.15RFC: RFC 3829
- Lightweight Directory Access Protocol (LDAP) Authorization Identity
Request and Response ControlsEntry Change Notification Response ControlLDAP controlsEntry change notificationObject Identifier: 2.16.840.1.113730.3.4.7Internet-Draft: draft-ietf-ldapext-psearch - Persistent Search: A Simple LDAP Change
Notification MechanismGet Effective Rights Request ControlLDAP controlsGet effective rightsObject Identifier: 1.3.6.1.4.1.42.2.27.9.5.2Internet-Draft: draft-ietf-ldapext-acl-model - Access Control Model for LDAPv3
Manage DSAIT Request ControlLDAP controlsManage DSAITObject Identifier: 2.16.840.1.113730.3.4.2RFC: RFC 3296
- Named Subordinate References in Lightweight Directory Access Protocol
(LDAP) DirectoriesMatched Values Request ControlLDAP controlsMatched valuesObject Identifier: 1.2.826.0.1.3344810.2.3RFC: RFC 3876
- Returning Matched Values with the Lightweight Directory Access Protocol
version 3 (LDAPv3)No-Op ControlLDAP controlsNo-opObject Identifier: 1.3.6.1.4.1.4203.1.10.2Internet-Draft: draft-zeilenga-ldap-noop - LDAP No-Op ControlPassword Expired Response ControlLDAP controlsPassword expiredObject Identifier: 2.16.840.1.113730.3.4.4Internet-Draft: draft-vchu-ldap-pwd-policy - Password Policy for LDAP Directories
Password Expiring Response ControlLDAP controlsPassword expiringObject Identifier: 2.16.840.1.113730.3.4.5Internet-Draft: draft-vchu-ldap-pwd-policy - Password Policy for LDAP Directories
Password Policy Response ControlLDAP controlsPassword policyObject Identifier: 1.3.6.1.4.1.42.2.27.8.5.1Internet-Draft: draft-behera-ldap-password-policy - Password Policy for LDAP
DirectoriesPermissive Modify Request ControlLDAP controlsPermissive modifyObject Identifier: 1.2.840.113556.1.4.1413Microsoft defined this control that, "Allows an LDAP modify to work
under less restrictive conditions. Without it, a delete will fail if an
attribute done not exist, and an add will fail if an attribute already
exists. No data is needed in this control." (source of quote)Persistent Search Request ControlLDAP controlsPersistent searchObject Identifier: 2.16.840.1.113730.3.4.3Internet-Draft:
draft-ietf-ldapext-psearch - Persistent Search: A Simple LDAP Change
Notification MechanismPost-Read Request ControlLDAP controlsPost-readObject Identifier: 1.3.6.1.1.13.2RFC: RFC 4527
- Lightweight Directory Access Protocol (LDAP) Read Entry Controls
Post-Read Response ControlLDAP controlsPost-readObject Identifier: 1.3.6.1.1.13.2RFC: RFC 4527
- Lightweight Directory Access Protocol (LDAP) Read Entry Controls
Pre-Read Request ControlLDAP controlsPre-readObject Identifier: 1.3.6.1.1.13.1RFC: RFC 4527
- Lightweight Directory Access Protocol (LDAP) Read Entry Controls
Pre-Read Response ControlLDAP controlsPre-readObject Identifier: 1.3.6.1.1.13.1RFC: RFC 4527
- Lightweight Directory Access Protocol (LDAP) Read Entry Controls
Proxied Authorization v1 Request ControlLDAP controlsProxied authorizationObject Identifier: 2.16.840.1.113730.3.4.12Internet-Draft: draft-weltman-ldapv3-proxy-04 - LDAP Proxied Authorization Control
Proxied Authorization v2 Request ControlLDAP controlsProxied authorizationObject Identifier: 2.16.840.1.113730.3.4.18RFC: RFC 4370
- Lightweight Directory Access Protocol (LDAP) Proxied Authorization
ControlPublic Changelog Exchange ControlLDAP controlsPublic changelog exchangeObject Identifier: 1.3.6.1.4.1.26027.1.5.4OpenDJ specific, for using the bookmark cookie when reading
the external change log.Server Side Sort Request ControlLDAP controlsServer side sortObject Identifier: 1.2.840.113556.1.4.473RFC: RFC 2891
- LDAP Control Extension for Server Side Sorting of Search Results
Server Side Sort Response ControlLDAP controlsServer side sortObject Identifier: 1.2.840.113556.1.4.474RFC: RFC 2891
- LDAP Control Extension for Server Side Sorting of Search Results
Simple Paged Results ControlLDAP controlsSimple paged resultsObject Identifier: 1.2.840.113556.1.4.319RFC: RFC 2696
- LDAP Control Extension for Simple Paged Results Manipulation
Subentries Request ControlsLDAP controlsSubentriesObject Identifier: 1.3.6.1.4.1.4203.1.10.1RFC: Subentries in the Lightweight Directory Access Protocol (LDAP)Object Identifier: 1.3.6.1.4.1.7628.5.101.1Internet-Draft: draft-ietf-ldup-subentry - LDAP Subentry SchemaSubtree Delete Request ControlLDAP controlsSubtree deleteObject Identifier: 1.2.840.113556.1.4.805Internet-Draft: draft-armijo-ldap-treedelete - Tree Delete ControlVirtual List View Request ControlLDAP controlsVirtual list view (browsing)Object Identifier: 2.16.840.1.113730.3.4.9Internet-Draft: draft-ietf-ldapext-ldapv3-vlv - LDAP Extensions for Scrolling View
Browsing of Search ResultsVirtual List View Response ControlLDAP controlsVirtual list view (browsing)Object Identifier: 2.16.840.1.113730.3.4.10Internet-Draft: draft-ietf-ldapext-ldapv3-vlv - LDAP Extensions for Scrolling View
Browsing of Search Results