3.1.1.3.4.1.18 LDAP_SERVER_ASQ_OID
The LDAP_SERVER_ASQ_OID control is used with an LDAP search operation. When this control is used, the search is not performed against the object specified in the search, or the objects located underneath that object, but rather against the set of objects named by an attribute of Object(DS-DN) syntax that is located on the object specified by the base DN of the search request. The specific attribute to use to scope the search is named in the control. Only searches of base object scope can be used with the LDAP_SERVER_ASQ_OID control.
For example, suppose there is an object o and a multivalued attribute A of Object(DS-DN) syntax such that o.A contains the DNs of objects o1, o2, and o3. An LDAP base-scope search operation that targets object o, with the LDAP_SERVER_ASQ_OID control attached and specifying the A attribute, will cause the server to perform the search not against object o but against objects o1, o2, and o3.
When sending this control to the DC, the controlValue field is set to the BER encoding of the following ASN.1 structure:
-
ASQRequestValue ::= SEQUENCE { sourceAttribute OCTET STRING }
where sourceAttribute is a UTF-8 string that specifies the LDAP display name of the attribute to use to scope the search (for example, attribute A in the previous example).
When the server receives a search request with the LDAP_SERVER_ASQ_OID control attached to it, it includes a response control in the search response. The controlType field of the returned Control structure is set to the OID of the LDAP_SERVER_ASQ_OID control, and the controlValue is the BER encoding of the following ASN.1 structure:
-
ASQResponseValue ::= SEQUENCE { searchResults ENUMERATED { success (0), invalidAttributeSyntax (21), unwillingToPerform (53), affectsMultipleDSAs (71) }, }
where the meaning of searchResults is as indicated in the following table.
|
searchResult name |
searchResult value |
Description |
|---|---|---|
|
success |
0 |
Search results are returned for all objects referenced by sourceAttribute. |
|
invalidAttributeSyntax |
21 |
sourceAttribute is not of Object(DS-DN) syntax. |
|
unwillingToPerform |
53 |
The search scope was not set to base object scope. |
|
affectsMultipleDSAs |
71 |
Partial results were returned, but not all the objects were available on the DC. |
The search results consist of each object that is specified by the sourceAttribute attribute, and that matches the search filter returned as a SearchResultEntry (defined in [RFC2251] section 4.5.2) containing the attributes specified in the attribute list of the search request. If any of the objects specified by sourceAttribute are not available on the DC, the search results include all of the objects that are available on the DC, and the searchResults return value is set to the affectsMultipleDSAs error code to indicate that some data that might be otherwise available is not present in the results.