LDAP Controls and Session Support (Windows)

MSDN Library
Win32 and COM Development
Administration and Management
Directory, Identity, and Access Services
Directory Services
Directory Access Technologies
DSML Services for Windows
About DSML Services for Windows
DSML Services for Windows Architecture
DSML Services for Windows Session Support

DSML SOAP Session Support
Session Support Example
Session Characteristics

LDAP Controls and Session Support

Related Links

DSML Services for Windows Architecture

LDAP Controls and Session Support

LDAP Controls and Session Support

A DSML session is typically used to support LDAP controls and extended operations. The session is required to handle the multiple request-response communications.

To help determine when DSML sessions are required, LDAP controls and extended operations are categorized into four types:

Session support required
For example, a page size control or VLV control.
Stateless controls
For example, tombstone, sort, or dirsync controls.
Unknown controls
Because the LDAP control mechanism is extensible, you can create a new LDAP control or an extended operation that is not recognized by the DSML V2 server.
Forbidden controls
Controls not supported by the server.

The following table lists behavior that can be expected in session and stateless requests.

Control type	Session request	Stateless request
Session support required controls	Allowed.	Forbidden. Error response will be generated.
Stateless controls	Allowed. Behavior should be identical to stateless.	Allowed.
Unknown controls	Allowed.	Forbidden. Error response will be generated.
Forbidden controls	Forbidden. Error response will be generated.	Forbidden. Error response will be generated.

LDAP Controls and Extended Operations supported by Active Directory

The following table lists the set of LDAP controls and extended operations that are currently supported in Active Directory.

LDAP OID	Name	Description	Control type
1.2.840.113556.1.4.319	LDAP_PAGED_RESULT_OID_STRING	Paged search control	Session required
1.2.840.113556.1.4.417	LDAP_SERVER_SHOW_DELETED_OID	Show deleted control	Stateless
1.2.840.113556.1.4.473	LDAP_SERVER_SORT_OID	Server sort control	Stateless
1.2.840.113556.1.4.521	LDAP_SERVER_CROSSDOM_MOVE_TARGET_OID	Cross-domain move control	Stateless
1.2.840.113556.1.4.528	LDAP_SERVER_NOTIFICATION_OID	Server search notification control	Forbidden
1.2.840.113556.1.4.529	LDAP_SERVER_EXTENDED_DN_OID	Extended DN control	Stateless
1.2.840.113556.1.4.619	LDAP_SERVER_LAZY_COMMIT_OID	Lazy commit control	Stateless
1.2.840.113556.1.4.801	LDAP_SERVER_SD_FLAGS_OID	Security descriptor flags control	Stateless
1.2.840.113556.1.4.805	LDAP_SERVER_TREE_DELETE_OID	Tree delete control	Stateless
1.2.840.113556.1.4.841	LDAP_SERVER_DIRSYNC_OID	Directory synchronization control	Stateless
1.2.840.113556.1.4.970	None	Get stats control	Stateless
1.2.840.113556.1.4.1338	LDAP_SERVER_VERIFY_NAME_OID	Verify name control	Stateless
1.2.840.113556.1.4.1339	LDAP_SERVER_DOMAIN_SCOPE_OID	Domain scope control	Stateless
1.2.840.113556.1.4.1340	LDAP_SERVER_SEARCH_OPTIONS_OID	Search options control	Stateless
1.2.840.113556.1.4.1413	LDAP_SERVER_PERMISSIVE_MODIFY_OID	Permissive modify control	Stateless
1.2.840.113556.1.4.1504	LDAP_SERVER_ASQ_OID	Attribute scoped query control	Stateless
1.2.840.113556.1.4.1781	LDAP_SERVER_FAST_BIND_OID	Fast concurrent bind extended operation	Forbidden
1.3.6.1.4.1.1466.101.119.1	None	TTL refresh extended operation	Stateless
1.3.6.1.4.1.1466.20037	LDAP_START_TLS_OID	Start TLS extended operation	Forbidden
2.16.840.1.113730.3.4.9	LDAP_CONTROL_VLVREQUEST	VLV request control	Session required

Send comments about this topic to Microsoft

Build date: 1/15/2009