LDAP Controls and Session Support

A DSML session is typically used to support LDAP controls and extended operations. The session is required to handle the multiple request-response communications.

To help determine when DSML sessions are required, LDAP controls and extended operations are categorized into four types:

  • Session support required

    For example, a page size control or VLV control.

  • Stateless controls

    For example, tombstone, sort, or dirsync controls.

  • Unknown controls

    Because the LDAP control mechanism is extensible, you can create a new LDAP control or an extended operation that is not recognized by the DSML V2 server.

  • Forbidden controls

    Controls not supported by the server.

The following table lists behavior that can be expected in session and stateless requests.

Control type Session request Stateless request
Session support required controls Allowed. Forbidden. Error response will be generated.
Stateless controls Allowed. Behavior should be identical to stateless. Allowed.
Unknown controls Allowed. Forbidden. Error response will be generated.
Forbidden controls Forbidden. Error response will be generated. Forbidden. Error response will be generated.


LDAP Controls and Extended Operations supported by Active Directory

The following table lists the set of LDAP controls and extended operations that are currently supported in Active Directory.

LDAP OID Name Description Control type
1.2.840.113556.1.4.319 LDAP_PAGED_RESULT_OID_STRING Paged search control Session required
1.2.840.113556.1.4.417 LDAP_SERVER_SHOW_DELETED_OID Show deleted control Stateless
1.2.840.113556.1.4.473 LDAP_SERVER_SORT_OID Server sort control Stateless
1.2.840.113556.1.4.521 LDAP_SERVER_CROSSDOM_MOVE_TARGET_OID Cross-domain move control Stateless
1.2.840.113556.1.4.528 LDAP_SERVER_NOTIFICATION_OID Server search notification control Forbidden
1.2.840.113556.1.4.529 LDAP_SERVER_EXTENDED_DN_OID Extended DN control Stateless
1.2.840.113556.1.4.619 LDAP_SERVER_LAZY_COMMIT_OID Lazy commit control Stateless
1.2.840.113556.1.4.801 LDAP_SERVER_SD_FLAGS_OID Security descriptor flags control Stateless
1.2.840.113556.1.4.805 LDAP_SERVER_TREE_DELETE_OID Tree delete control Stateless
1.2.840.113556.1.4.841 LDAP_SERVER_DIRSYNC_OID Directory synchronization control Stateless
1.2.840.113556.1.4.970 None Get stats control Stateless
1.2.840.113556.1.4.1338 LDAP_SERVER_VERIFY_NAME_OID Verify name control Stateless
1.2.840.113556.1.4.1339 LDAP_SERVER_DOMAIN_SCOPE_OID Domain scope control Stateless
1.2.840.113556.1.4.1340 LDAP_SERVER_SEARCH_OPTIONS_OID Search options control Stateless
1.2.840.113556.1.4.1413 LDAP_SERVER_PERMISSIVE_MODIFY_OID Permissive modify control Stateless
1.2.840.113556.1.4.1504 LDAP_SERVER_ASQ_OID Attribute scoped query control Stateless
1.2.840.113556.1.4.1781 LDAP_SERVER_FAST_BIND_OID Fast concurrent bind extended operation Forbidden LDAP_TTL_EXTENDED_OP_OID TTL refresh extended operation Stateless LDAP_START_TLS_OID Start TLS extended operation Forbidden
2.16.840.1.113730.3.4.9 LDAP_CONTROL_VLVREQUEST VLV request control Session required