3.1.5.3 Retrieving Connection Policy Objects
This section specifies the processing events and sequencing for an administrator to retrieve existing connection policy objects.
The Deployed Printer Connections administrative tool plug-in sends a single policy retrieval message by using an LDAP SearchRequest message ([RFC2251] section 4.5) to read the extension-specific data from the LDAP directory store.
The policy retrieval message uses LDAP as a transport. Authentication MUST be either Kerberos with credentials in Unicode for computer policy mode, or the SPNEGO Extension specified in [MS-SPNG] for user policy mode. This message allows the client to query Active Directory for printer connection settings that are associated with the GPO.
The following protocol sequences MUST be generated for this message:
1. An LDAP BindRequest message MUST be sent from the client to Active Directory, and an LDAP BindResponse message MUST be sent to the client in reply. The parameters of the BindRequest MUST include a zero-length string for the DN parameter, and the authentication choice MUST be either Kerberos for computer policy mode, or SPNEGO for user policy mode. The value of the version field MUST be 3.
2. After the client receives a successful BindResponse message, the client MUST send an LDAP SearchRequest message to Active Directory with the parameters specified in section 2.2.3.1.
3. A successful search response ([RFC2251] section 4.5.2) MUST consist of zero or more LDAP SearchResultEntry messages, followed by one LDAP SearchResponseDone message. One LDAP SearchResultEntry message MUST be returned for each msPrint-ConnectionPolicy object found in the PushedPrinterConnections container that is identified by the baseObject parameter of the LDAP SearchRequest.
   Each LDAP SearchResultEntry message MUST have the parameters specified in section 2.2.3.2.
4. An LDAP UnbindRequest MUST be made by the client to close the connection.
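The sequence rules above can be checked against a decoded LDAP trace, for example when reviewing a capture of the administrative tool's traffic. The following is an added example, not part of the specification; the dict layout for decoded messages and the sample trace are assumptions constructed for this example.

```python
# Added example: validates a decoded LDAP message trace against the sequence
# rules in this section. The dict keys ("op", "version", "dn", "auth",
# "result") are an assumed decoding for this example, not a wire format.

ALLOWED_AUTH = {"kerberos", "spnego"}  # computer policy mode / user policy mode


def check_retrieval_sequence(trace):
    """Return a list of rule violations; an empty list means the trace conforms."""
    errors = []
    ops = [m.get("op") for m in trace]

    # BindRequest first: zero-length DN, version 3, Kerberos or SPNEGO.
    if not ops or ops[0] != "BindRequest":
        return ["first message is not a BindRequest"]
    bind = trace[0]
    if bind.get("dn") != "":
        errors.append("BindRequest DN is not a zero-length string")
    if bind.get("version") != 3:
        errors.append("BindRequest version is not 3")
    if bind.get("auth") not in ALLOWED_AUTH:
        errors.append("BindRequest authentication is neither Kerberos nor SPNEGO")

    # SearchRequest is only valid after a successful BindResponse.
    if len(trace) < 2 or ops[1] != "BindResponse" or trace[1].get("result") != "success":
        return errors + ["no successful BindResponse before the search"]
    if len(trace) < 3 or ops[2] != "SearchRequest":
        return errors + ["SearchRequest does not follow the BindResponse"]

    # Zero or more SearchResultEntry messages, then one SearchResponseDone.
    i = 3
    while i < len(trace) and ops[i] == "SearchResultEntry":
        i += 1
    if i >= len(trace) or ops[i] != "SearchResponseDone":
        return errors + ["search results are not terminated by SearchResponseDone"]

    # The client closes the connection with an UnbindRequest and nothing after it.
    if ops[i + 1:] != ["UnbindRequest"]:
        errors.append("connection is not closed by a single UnbindRequest")
    return errors


# Constructed sample trace: user policy mode, one policy object returned.
SAMPLE_TRACE = [
    {"op": "BindRequest", "version": 3, "dn": "", "auth": "spnego"},
    {"op": "BindResponse", "result": "success"},
    {"op": "SearchRequest"}, {"op": "SearchResultEntry"},
    {"op": "SearchResponseDone"}, {"op": "UnbindRequest"},
]
```

A trace that opens with a simple bind, a non-empty DN or LDAP version 2 yields one violation per broken rule, which makes a fallback away from Kerberos or SPNEGO visible during review.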