Chapter 11. Chaining LDAP controls
LDAP operations can contain data, called controls and specified in the LDAP protocol, that change their behavior. You can specify which LDAP controls to forward to the remote server.
11.1. About chaining LDAP controls
The database link forwards requests that contain the following controls to the remote server:
- The Virtual List View (VLV) control provides lists of certain entries.
- The Server-side sorting control categorizes entries according to their attribute values, usually by using a specific matching rule.
- The Dereferencing control pulls specified attribute information from the referenced entry and returns this information with the rest of the search results.
- The Managed DSA control returns smart referrals as entries, rather than following these referrals. Therefore, a smart referral itself can be changed or deleted.
- The Loop detection control tracks how many times a server chains with another server. When the count reaches the configured number, Loop detection detects a loop and notifies the client application.
Database links cannot support Server-side sorting and VLV controls when a client application makes a request to multiple databases.
The following are some of the LDAP controls that are allowed to chain and their object identifiers (OID):
Control Name | OID |
---|---|
Virtual list view (VLV) | 2.16.840.1.113730.3.4.9 |
Server-side sorting | 1.2.840.113556.1.4.473 |
Managed DSA | 2.16.840.1.113730.3.4.2 |
Loop detection | 1.3.6.1.4.1.1466.29539.12 |
Dereferencing searches | 1.3.6.1.4.1.4203.666.5.16 |
11.2. Chaining LDAP controls using the command line
You can chain LDAP controls by using dsconf chaining config-set --add-control in the command line.
Procedure
Chain LDAP controls:

    # dsconf -D "cn=Directory Manager" ldap://server.example.com chaining \
        config-set --add-control="2.16.840.1.113730.3.4.9"

Add the object identifier (OID) of the custom control if clients of Directory Server create their own controls and chain their operations to remote servers.
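To review which controls an instance forwards, the following added example (not part of the product documentation) reads the chaining configuration entry as LDIF and labels each OID against the table in section 11.1. It assumes the forwarded controls are stored as `nsTransmittedControls` values in `cn=config,cn=chaining database,cn=plugins,cn=config`; the sample entry and the custom OID in it are constructed.

```shell
#!/bin/sh
# Added example (not from the product documentation): audit forwarded controls.

# OID-to-name pairs copied from the table in section 11.1.
known_controls() {
cat <<'EOF'
2.16.840.1.113730.3.4.9 Virtual list view (VLV)
1.2.840.113556.1.4.473 Server-side sorting
2.16.840.1.113730.3.4.2 Managed DSA
1.3.6.1.4.1.1466.29539.12 Loop detection
1.3.6.1.4.1.4203.666.5.16 Dereferencing searches
EOF
}

# Constructed sample of the chaining configuration entry (assumed layout).
sample_ldif() {
cat <<'EOF'
dn: cn=config,cn=chaining database,cn=plugins,cn=config
nsTransmittedControls: 2.16.840.1.113730.3.4.9
nsTransmittedControls: 1.3.6.1.4.1.1466.29539.12
nsTransmittedControls: 1.3.6.1.4.1.99999.
 1.2
nsTransmittedControls: not-an-oid
EOF
}

# Unfold LDIF continuation lines, then print each forwarded OID.
forwarded_oids() {
  awk '/^ / { buf = buf substr($0, 2); next }
       { if (buf != "") print buf; buf = $0 }
       END { if (buf != "") print buf }' |
  awk -F': *' 'tolower($1) == "nstransmittedcontrols" { print $2 }'
}

# Label each OID on stdin as KNOWN (in the table), CUSTOM or MALFORMED.
classify_oids() {
  while IFS= read -r oid; do
    name=$(known_controls | awk -v o="$oid" '$1 == o { sub(/^[^ ]+ /, ""); print }')
    if [ -n "$name" ]; then echo "KNOWN $oid $name"
    elif printf '%s\n' "$oid" | grep -Eq '^[0-2](\.(0|[1-9][0-9]*))+$'; then echo "CUSTOM $oid"
    else echo "MALFORMED $oid"
    fi
  done
}

# Print the report from LDIF on stdin; fail if any control needs review.
audit_forwarded_controls() {
  report=$(forwarded_oids | classify_oids)
  printf '%s\n' "$report"
  ! printf '%s\n' "$report" | grep -Eq '^(CUSTOM|MALFORMED) '
}

sample_ldif | audit_forwarded_controls || echo "review: controls outside the documented table"
```

A CUSTOM result is expected when clients define their own controls; the point of the report is that each such OID is one someone deliberately added.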
11.3. Chaining LDAP controls using the web console
You can chain LDAP controls by using the web console.
Prerequisites
- You have opened the Directory Server user interface in the web console and selected the instance.
Procedure
- Open the Database menu.
- Select the Chaining Configuration entry.
- Click button below the Forwarded LDAP Controls field.
- Select the LDAP control and click button.

  Add the object identifier (OID) of the custom control if clients of Directory Server create their own controls and chain their operations to remote servers.
- Click button.
Verification
- Click the Database menu and ensure that the selected LDAP control is chained.