LDAP Controls Controls provide a mechanism whereby the semantics and arguments of existing LDAP operations may be extended. One or more controls may be attached to a single LDAP message. A control only affects the semantics of the message it is attached to. Controls sent by clients are termed request controls, and those sent by servers are termed response controls. OpenDJ software supports the following LDAP controls: Account Usability Control Object Identifier: 1.3.6.1.4.1.42.2.27.9.5.8 Control originally provided by Sun Microsystems, used to determine whether a user account can be used to authenticate to the directory. Assertion request control Object Identifier: 1.3.6.1.1.12 RFC: RFC 4528 - Lightweight Directory Access Protocol (LDAP) Assertion Control Authorization Identity request control Object Identifier: 2.16.840.1.113730.3.4.16 RFC: RFC 3829 - Lightweight Directory Access Protocol (LDAP) Authorization Identity Request and Response Controls Authorization Identity response control Object Identifier: 2.16.840.1.113730.3.4.15 RFC: RFC 3829 - Lightweight Directory Access Protocol (LDAP) Authorization Identity Request and Response Controls Entry Change Notification response control Object Identifier: 2.16.840.1.113730.3.4.7 Internet-Draft: draft-ietf-ldapext-psearch - Persistent Search: A Simple LDAP Change Notification Mechanism Get Effective Rights request control Object Identifier: 1.3.6.1.4.1.42.2.27.9.5.2 Internet-Draft: draft-ietf-ldapext-acl-model - Access Control Model for LDAPv3 Manage DSAIT request control Object Identifier: 2.16.840.1.113730.3.4.2 RFC: RFC 3296 - Named Subordinate References in Lightweight Directory Access Protocol (LDAP) Directories Matched Values request control Object Identifier: 1.2.826.0.1.3344810.2.3 RFC: RFC 3876 - Returning Matched Values with the Lightweight Directory Access Protocol version 3 (LDAPv3) No-Op Control Object Identifier: 1.3.6.1.4.1.4203.1.10.2 Internet-Draft: draft-zeilenga-ldap-noop - LDAP No-Op Control Password Expired response control Object Identifier: 2.16.840.1.113730.3.4.4 Internet-Draft: draft-vchu-ldap-pwd-policy - Password Policy for LDAP Directories Password Expiring response control Object Identifier: 2.16.840.1.113730.3.4.5 Internet-Draft: draft-vchu-ldap-pwd-policy - Password Policy for LDAP Directories Password Policy response control Object Identifier: 1.3.6.1.4.1.42.2.27.8.5.1 Internet-Draft: draft-behera-ldap-password-policy - Password Policy for LDAP Directories Permissive Modify request control Object Identifier: 1.2.840.113556.1.4.1413 Microsoft defined this control that, "Allows an LDAP modify to work under less restrictive conditions. Without it, a delete will fail if an attribute done not exist, and an add will fail if an attribute already exists. No data is needed in this control." (source of quote) Persistent Search request control Object Identifier: 2.16.840.1.113730.3.4.3 Internet-Draft: draft-ietf-ldapext-psearch - Persistent Search: A Simple LDAP Change Notification Mechanism Post-Read request control Object Identifier: 1.3.6.1.1.13.2 RFC: RFC 4527 - Lightweight Directory Access Protocol (LDAP) Read Entry Controls Post-Read response control Object Identifier: 1.3.6.1.1.13.2 RFC: RFC 4527 - Lightweight Directory Access Protocol (LDAP) Read Entry Controls Pre-Read request control Object Identifier: 1.3.6.1.1.13.1 RFC: RFC 4527 - Lightweight Directory Access Protocol (LDAP) Read Entry Controls Pre-Read response control Object Identifier: 1.3.6.1.1.13.1 RFC: RFC 4527 - Lightweight Directory Access Protocol (LDAP) Read Entry Controls Proxied Authorization v1 request control Object Identifier: 2.16.840.1.113730.3.4.12 Internet-Draft: draft-weltman-ldapv3-proxy-04 - LDAP Proxied Authorization Control Proxied Authorization v2 request control Object Identifier: 2.16.840.1.113730.3.4.18 RFC: RFC 4370 - Lightweight Directory Access Protocol (LDAP) Proxied Authorization Control Public Changelog Exchange Control Object Identifier: 1.3.6.1.4.1.26027.1.5.4 OpenDJ specific, for using the bookmark cookie when reading the external change log. Server-Side Sort request control Object Identifier: 1.2.840.113556.1.4.473 RFC: RFC 2891 - LDAP Control Extension for Server Side Sorting of Search Results Server-Side Sort response control Object Identifier: 1.2.840.113556.1.4.474 RFC: RFC 2891 - LDAP Control Extension for Server Side Sorting of Search Results Simple Paged Results Control Object Identifier: 1.2.840.113556.1.4.319 RFC: RFC 2696 - LDAP Control Extension for Simple Paged Results Manipulation Subentries request controls Object Identifier: 1.3.6.1.4.1.4203.1.10.1 RFC: Subentries in the Lightweight Directory Access Protocol (LDAP) Object Identifier: 1.3.6.1.4.1.7628.5.101.1 Internet-Draft: draft-ietf-ldup-subentry - LDAP Subentry Schema Subtree Delete request control Object Identifier: 1.2.840.113556.1.4.805 Internet-Draft: draft-armijo-ldap-treedelete - Tree Delete Control Virtual List View request control Object Identifier: 2.16.840.1.113730.3.4.9 Internet-Draft: draft-ietf-ldapext-ldapv3-vlv - LDAP Extensions for Scrolling View Browsing of Search Results Virtual List View response control Object Identifier: 2.16.840.1.113730.3.4.10 Internet-Draft: draft-ietf-ldapext-ldapv3-vlv - LDAP Extensions for Scrolling View Browsing of Search Results The LDAP Relax Rules Control Object Identifier: 1.3.6.1.4.1.4203.666.5.12 Internet-Draft: ddraft-zeilenga-ldap-relax-03 - The LDAP Relax Rules Control Standards, RFCs, & Internet-Drafts LDAP Extended Operations