h2. Controls A *Control* is used to extend *LDAP* operations. They can be used for requests and responses. They basically modify the operation's semantics. For instance, when using a _DeleteTree_ *Control* within a delete operation, you will be able to delete not only the entry itself, but also all of its children. Obviously this *Control* has a meaning for the _delete_ operation, not for any other operation. Each server is free to implement the *Controls* it wants, so you have to check if the *Control* you want to use is a supported one. h3. Control Structure A *Control* contains three elements: * An *[DIRAPI:Oid]*, which names the control. * A _criticality_ flag, telling if this control semantics have to be applied. It is only set for a Request. * A value, which is an opaque array of bytes. Each *Control* knows how to decode its value. What is important is that the value has to be encoded before the control is sent to the server (or back to the client, if it is a response's *Control*). If the user does not know about the *Control* semantics, then it is impossible to encode or decode this value. However, usually the *LDAP API* provides the needed controls (or it can be extended). h3. Existing Controls There is a list of existing controls defined in RFC's. Not all controls are supported by all the *LDAP* servers, nor is it mandatory that a *Control* has to be implemented (except for a very few ones). || OID || RFC || Description || | 1.2.840.113549.6.0 | [RFC2649|http://tools.ietf.org/html/rfc2649] | An LDAP Control and Schema for Holding Operation Signatures | | 1.2.840.113556.1.4.319 | [RFC2696|http://tools.ietf.org/html/rfc2696] | LDAP Control Extension for Simple Paged Results Manipulation | | 1.2.840.113556.1.4.473 | [RFC2891|http://tools.ietf.org/html/rfc2891] | LDAP Control Extension for Server Side Sorting of Search Results | | 2.16.840.1.113730.3.2.6 | [RFC3296|http://tools.ietf.org/html/rfc3296] | Named Subordinate References | | 2.16.840.1.113730.3.4.15, 2.16.840.1.113730.3.4.16 | [RFC3829|http://tools.ietf.org/html/rfc3829] | Authorization Identity Request and Response Controls | | 2.16.840.1.113730.3.4.18 | [RFC4370|http://tools.ietf.org/html/rfc4370] | Proxied Authorization Control | | 1.3.6.1.1.13.1, 1.3.6.1.1.13.2 | [RFC4527|http://tools.ietf.org/html/rfc4527] | Read Entry Controls | | 1.3.6.1.1.12 | [RFC4528|http://tools.ietf.org/html/rfc4528] | Assertion Control | | 1.3.6.1.1.22 | [RFC6171|http://tools.ietf.org/html/rfc6171] | Don't Use Copy Control | h4. AD Supported Controls || OID || Description || | | | | | | | | | | | | | | | (TODO) h4. ApacheDS supported controls || OID || Name || Description || | 1.3.6.1.4.1.18060.0.0.1 | Cascade | Used to manage the deletion of schema elements | | 2.16.840.1.113730.3.2.6 | ManageDSAIt | ManageDSA IT control [RFC3296|http://tools.ietf.org/html/rfc3296] | | 1.2.840.113556.1.4.319 | PagedResults | Paged Results control [RFC2696|http://tools.ietf.org/html/rfc2696] | | 2.16.840.1.113730.3.4.3 | PersistentSearch | PersistentSearch request control [psearch draft|http://www3.ietf.org/proceedings/01aug/I-D/draft-ietf-ldapext-psearch-03.txt] | | 2.16.840.1.113730.3.4.7 | EntryChange | PersistentSearch response control ([psearch draft|http://www3.ietf.org/proceedings/01aug/I-D/draft-ietf-ldapext-psearch-03.txt])| | 1.3.6.1.4.1.4203.1.10.1 | Subentries | [RFC3672|http://tools.ietf.org/html/rfc3672] | | 1.3.6.1.4.1.4203.1.9.1.1 | SyncRequestValye | Replication [RFC4533|http://tools.ietf.org/html/rfc4533] | | 1.3.6.1.4.1.4203.1.9.1.2 | SyncStateValue | Replication [RFC4533|http://tools.ietf.org/html/rfc4533] | | 1.3.6.1.4.1.4203.1.9.1.3 | SyncDoneValue | Replication [RFC4533|http://tools.ietf.org/html/rfc4533] | | 1.3.6.1.4.1.4203.1.9.1.4 | SyncInfoValue | Replication [RFC4533|http://tools.ietf.org/html/rfc4533] | | 1.3.6.1.4.1.4203.1.9.1.5 | SyncModifyDn | Replication [RFC4533|http://tools.ietf.org/html/rfc4533] | h4. IDS Supported Controls || OID || Description || | | | | | | | | | | | | | | | (TODO) h4. OpenLDAP Supported Controls || OID || Description || | | | | | | | | | | | | | | | (TODO) h4. OpenDJ Supported Controls || OID || Description || | | | | | | | | | | | | | | | (TODO) h4. OpenDS Supported Controls || OID || Description || | | | | | | | | | | | | | | | (TODO) h4. SunDS Supported Controls || OID || Description || | | | | | | | | | | | | | | | (TODO) ...(to be continued)