LDAP_SERVER_ASQ_OID control code
The LDAP_SERVER_ASQ_OID control is used with an extended LDAP search function to force the query to be based on a specific DN-valued attribute. Only one source attribute can be specified with this control and the search request is limited to base object scoped queries.
To use this control, set the members of the LDAPControl structure as follows.
PWCHAR ldctl_oid = LDAP_SERVER_ASQ_OID;
struct berval ldctl_value;
BOOLEAN ldctl_iscritical;
Members
-
ldctl_oid
-
Pointer to a wide, null-terminated string, LDAP_SERVER_ASQ_OID, defined as "1.2.840.113556.1.4.1504".
-
ldctl_value
-
Specifies the DN name of the desired attribute used to base the search query on. In the berval structure, set bv_val to a pointer to a BER-encoded sequence that contains the attribute DN name in UTF-8 format, and set bv_len to the length of the sequence. For more information, see the Remarks section.
When this control is returned by the server, the berval structure contains a BER-encoded enumeration that indicates the status of the search results. For more information, see the Remarks section.
-
ldctl_iscritical
-
Can be TRUE or FALSE depending on whether the search results call is critical to your application.
Remarks
The Attribute Scoped Query (ASQ) control is used with the extended search functions, such as ldap_search_ext, to set the search base to the specified attribute. This control must be exclusively used with a SearchRequest message and is ignored if used otherwise. However, if the criticality field is set to TRUE and the control is used with other than the SearchRequest message, the request fails and returns an UnsupportedCriticalExtension error:
The ldctl_value field in the searchRequest message is set to the following BER-encoded sequence:
Sequence {
sourceAttribute OCTET STRING
}
The ber_printf function is used to create the sequence data. The sourceAttribute field is a UTF-8 string that contains the DN name of the attribute the search request is based on:
The ldctl_value in the SearchResponse message is an Octet String and wraps the BER-encoded version of the following.
Sequence {
searchResults ENUM
}
The searchResult enumeration is as listed in the following table.
| searchResult | Description |
|---|---|
| success [0] |
Search results are returned for all referenced objects. |
| invalidAttributeSyntax [21] |
Value of the attribute specified for the search are not a proper DN value and cannot be resolved. |
| unwillingToPerform [53] |
The search scope was not set to base object. |
| affectsMultipleDSAs [71] |
Partial results were returned, but not all data was available to the local server. |
The search results consist of each value of the multi-value DN-valued attribute returned as a result entry with all of the attributes specified in the attribute list of the search request. If any of the attribute values in the search result are not available on the local DSA, the search results include all of the attributes that are locally available, and the searchResult return value is set to the affectsMultipleDSAs error code to indicate that some data that might be otherwise available is not present in the results.
Note
For more information about using attribute scoped queries with Active Directory servers, see Performing an Attribute Scoped Query.
Requirements
| Minimum supported client |
Windows Vista |
| Minimum supported server |
Windows Server 2008 |
| Header |
|