Chapter 11. Chaining LDAP controls

LDAP operations can contain additional data, called controls and specified in the LDAP protocol, that changes their behavior. You can specify which LDAP controls to forward to the remote server.

11.1. About chaining LDAP controls

The database link forwards requests that contain the following controls to the remote server:

  • The Virtual List View (VLV) control provides lists of certain entries.
  • The Server-side sorting control categorizes entries according to their attribute values, usually by using a specific matching rule.
  • The Dereferencing control pulls specified attribute information from the referenced entry and returns this information with the rest of the search results.
  • The Managed DSA control returns smart referrals as entries, rather than following these referrals. Therefore, a smart referral itself can be changed or deleted.
  • The Loop detection control tracks how many times a server chains with another server. When the count reaches the configured number, Loop detection detects a loop and notifies the client application.

Note

Database links cannot support Server-side sorting and VLV controls when a client application makes a request to multiple databases.

The following are some of the LDAP controls that are allowed to chain and their object identifiers (OID):

  Control Name              OID
  Virtual list view (VLV)   2.16.840.1.113730.3.4.9
  Server-side sorting       1.2.840.113556.1.4.473
  Managed DSA               2.16.840.1.113730.3.4.2
  Loop detection            1.3.6.1.4.1.1466.29539.12
  Dereferencing searches    1.3.6.1.4.1.4203.666.5.16

11.2. Chaining LDAP controls using the command line

You can chain LDAP controls by using dsconf chaining config-set --add-control on the command line.

Procedure

  1. Chain LDAP controls:

    # dsconf -D "cn=Directory Manager" ldap://server.example.com chaining \
        config-set --add-control="2.16.840.1.113730.3.4.9"

    Add the object identifier (OID) of the custom control if clients of Directory Server create their own controls and chain their operations to remote servers.
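
Because every forwarded control is passed through to the remote server, it helps to compare what is actually forwarded with what you intended before adding more. The following shell script is an added example, not part of the Red Hat documentation: it reports forwarded OIDs that are not on an approved list and prints the step 1 command for approved OIDs that are missing. It assumes the chaining configuration is available as LDIF-style text with the forwarded controls in nsTransmittedControls; the sample text, the approved list and the OID 1.2.3.4.5.6.7.8 are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the controls a chaining configuration forwards.

# Controls this deployment intends to forward (OIDs from the table above;
# treating them as the approved set is an assumption of this example).
APPROVED="2.16.840.1.113730.3.4.9
1.2.840.113556.1.4.473
2.16.840.1.113730.3.4.2
1.3.6.1.4.1.1466.29539.12
1.3.6.1.4.1.4203.666.5.16"

# Constructed sample of the chaining configuration entry (assumed format:
# LDIF-style lines, forwarded controls in nsTransmittedControls).
# 1.2.3.4.5.6.7.8 is a made-up OID standing in for a custom control.
SAMPLE="dn: cn=config,cn=chaining database,cn=plugins,cn=config
nsTransmittedControls: 2.16.840.1.113730.3.4.2
nsTransmittedControls: 2.16.840.1.113730.3.4.9
nsTransmittedControls: 1.3.6.1.4.1.1466.29539.12
nsTransmittedControls: 1.2.3.4.5.6.7.8"

# Print each forwarded OID once, from configuration text on stdin.
forwarded_oids() {
    awk -F': *' 'tolower($1) == "nstransmittedcontrols" {
        sub(/[ \t\r]+$/, "", $2); if (!dup[$2]++) print $2 }'
}

# Print the lines of list $1 that do not appear in list $2.
not_in() {
    { printf '%s\n' "$2"; echo '--'; printf '%s\n' "$1"; } |
    awk '$0 == "--" { second = 1; next }
         !second    { seen[$0] = 1; next }
         $0 != "" && !($0 in seen)'
}

# $1 = configuration text.
missing_oids()    { not_in "$APPROVED" "$(printf '%s\n' "$1" | forwarded_oids)"; }
unexpected_oids() { not_in "$(printf '%s\n' "$1" | forwarded_oids)" "$APPROVED"; }

# Print (do not run) the command from step 1 for every missing OID.
add_commands() {
    missing_oids "$1" | while read -r oid; do
        printf 'dsconf -D "cn=Directory Manager" ldap://server.example.com chaining config-set --add-control="%s"\n' "$oid"
    done
}

echo "Forwarded but not approved:"; unexpected_oids "$SAMPLE"
echo "Approved but not forwarded:"; add_commands "$SAMPLE"
```

On a real instance, pass the text of the chaining configuration entry in place of SAMPLE and confirm its format matches the assumption first.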

11.3. Chaining LDAP controls using the web console

You can chain LDAP controls by using the web console.

Prerequisites

  • You have opened the Directory Server user interface in the web console and selected the instance.

Procedure

  1. Open the Database menu.
  2. Select the Chaining Configuration entry.
  3. Click the Add button below the Forwarded LDAP Controls field.
  4. Select the LDAP control and click the Add & Save New Controls button.

    Add the object identifier (OID) of the custom control if clients of Directory Server create their own controls and chain their operations to remote servers.

  5. Click the Save button.

Verification

  • Click the Database menu and ensure that the selected LDAP control is chained.

© 2024 Red Hat, Inc.