LDAP_TTL_EXTENDED_OP_OID control code

The LDAP_TTL_EXTENDED_OP_OID can be present in the supportedExtensions attribute of the rootDSE of an Active Directory server. If present, it indicates that the Active Directory server provides support for dynamic objects as defined in RFC 2589. It can also be sent to an Active Directory server to refresh a specific Dynamic Object that has already been created. For more information about using this feature of Active Directory, see Dynamic Objects.

To use this extended operation, set the arguments of the call to ldap_extended_operation_s as shown in the following code example.

LDAP* ld,
PCHAR Oid = LDAP_TTL_EXTENDED_OP_OID,
struct berval* Data,
PLDAPControl* ServerControls = NULL,
PLDAPControl* ClientControls = NULL,
PCHAR* ReturnedOid = NULL,
struct berval** ReturnedData

Members

ld

A pointer to the session handle.

Oid

A pointer to the LDAP_TTL_EXTENDED_OP_OID string, defined as "1.3.6.1.4.1.1466.101.119.1".

Data

A BER-encoded sequence of parameters that specifies both the dynamic object name and the desired TTL refresh period. In the berval structure, set bv_val to a pointer to the encoded sequence that contains the dynamic object name and the TTL refresh period, and set bv_len to the length of that sequence in bytes. For more information, see the Remarks section.

ServerControls

Set to NULL.

ClientControls

Set to NULL.

ReturnedOid

Set to NULL.

ReturnedData

A pointer to a pointer to a berval structure used to hold returned data.

Remarks

The LDAP_TTL_EXTENDED_OP_OID is used to refresh an Active Directory dynamic object. For more information about creating and refreshing dynamic objects, see Dynamic Objects.

To refresh a specific dynamic object, a BER-encoded sequence of parameters that specifies the object must be created per RFC 2589 as follows.

Sequence {
  entryName         OCTET STRING
  requestTtl        INTEGER
}

entryName

This is an OCTET STRING that specifies the Distinguished Name of the dynamic object. It is encoded in UTF-8 format.

requestTtl

This is an INTEGER that expresses, in seconds, the desired TTL (range is from 1 to 31557600) of the dynamic object. Servers are not required to accept this value and may return a different TTL value to the client. Clients must be able to use a returned server-dictated TTL value in place of the one submitted.

If a new TTL value is returned by a server in response to a client's LDAP_TTL_EXTENDED_OP_OID extended operation request, the value will be returned as a BER-encoded sequence as follows.

Sequence {
  responseTTL       INTEGER
}

responseTTL

This is an INTEGER that expresses the server-dictated TTL value of the dynamic object, in seconds. Under normal circumstances it is equal to or greater than the client-requested value. However, servers are permitted to reduce a large client-requested TTL value in order to prevent clients from abusing the dynamic extensions. In this latter case, a server may not reduce the TTL below 86400 seconds (24 hours).
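The two sequences above are small enough to encode and decode by hand, which also makes the TTL range rule and the "use the server-dictated value" rule concrete. The following is an added example, not code from the Microsoft documentation or from Winldap.h: it BER-encodes the refresh request Sequence { entryName OCTET STRING, requestTtl INTEGER }, rejects a requestTtl outside 1..31557600 before anything is sent, and parses the response Sequence { responseTTL INTEGER } with bounds checks so that a truncated or malformed server reply is reported as an error rather than read past the buffer. The function names, the constructed DN "cn=a,dc=b" and the constructed 7-byte response are all assumptions for illustration; the ldap_extended_operation_s call itself is shown only in a comment because it needs a live Active Directory session.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* RFC 2589 requestTtl range quoted by the page, in seconds. */
#define TTL_MIN 1L
#define TTL_MAX 31557600L

/* Write a BER definite length (short or long form); returns bytes written. */
static size_t ber_put_len(uint8_t *out, size_t len) {
    if (len < 128) { out[0] = (uint8_t)len; return 1; }
    size_t n = 0, tmp = len;
    while (tmp) { n++; tmp >>= 8; }
    out[0] = (uint8_t)(0x80 | n);
    for (size_t i = 0; i < n; i++) out[1 + i] = (uint8_t)(len >> (8 * (n - 1 - i)));
    return 1 + n;
}

/* Write a non-negative INTEGER in minimal two's-complement form; returns bytes written. */
static size_t ber_put_uint(uint8_t *out, long v) {
    uint8_t le[9]; size_t n = 0;
    do { le[n++] = (uint8_t)(v & 0xff); v >>= 8; } while (v > 0);
    if (le[n - 1] & 0x80) le[n++] = 0x00;      /* pad so the sign bit stays clear */
    out[0] = 0x02;                              /* INTEGER tag */
    size_t l = ber_put_len(out + 1, n);
    for (size_t i = 0; i < n; i++) out[1 + l + i] = le[n - 1 - i];
    return 1 + l + n;
}

/* Encode Sequence { entryName OCTET STRING, requestTtl INTEGER } into out.
   Returns the encoded length, or -1 if ttl is out of range or out is too small.
   (Hypothetical helper name; dn must already be UTF-8 as the page requires.) */
long ttl_encode_refresh_request(const char *dn, long ttl, uint8_t *out, size_t cap) {
    if (ttl < TTL_MIN || ttl > TTL_MAX) return -1;  /* refuse before sending */
    size_t dn_len = strlen(dn);
    if (dn_len > 2048) return -1;
    uint8_t body[2048 + 32]; size_t n = 0;
    body[n++] = 0x04;                              /* OCTET STRING tag */
    n += ber_put_len(body + n, dn_len);
    memcpy(body + n, dn, dn_len); n += dn_len;
    n += ber_put_uint(body + n, ttl);
    uint8_t hdr[8]; size_t h = 0;
    hdr[h++] = 0x30;                               /* SEQUENCE tag */
    h += ber_put_len(hdr + h, n);
    if (h + n > cap) return -1;
    memcpy(out, hdr, h); memcpy(out + h, body, n);
    return (long)(h + n);
}

/* Read a BER definite length from p; returns the length or -1, sets *used. */
static long ber_get_len(const uint8_t *p, size_t avail, size_t *used) {
    if (avail < 1) return -1;
    if (p[0] < 0x80) { *used = 1; return p[0]; }
    size_t n = p[0] & 0x7f;
    if (n == 0 || n > 4 || avail < 1 + n) return -1;
    long len = 0;
    for (size_t i = 0; i < n; i++) len = (len << 8) | p[1 + i];
    *used = 1 + n;
    return len;
}

/* Decode Sequence { responseTTL INTEGER }. Returns the server-dictated TTL,
   or -1 for a malformed, truncated or negative response. (Hypothetical helper name.) */
long ttl_decode_refresh_response(const uint8_t *in, size_t len) {
    size_t u; long l;
    if (len < 2 || in[0] != 0x30) return -1;
    l = ber_get_len(in + 1, len - 1, &u);
    if (l < 0 || (size_t)l != len - 1 - u) return -1;     /* SEQUENCE must fill the buffer */
    const uint8_t *p = in + 1 + u; size_t rem = (size_t)l;
    if (rem < 2 || p[0] != 0x02) return -1;
    l = ber_get_len(p + 1, rem - 1, &u);
    if (l < 1 || l > 4 || (size_t)l != rem - 1 - u) return -1;  /* INTEGER must fill the SEQUENCE */
    p += 1 + u;
    if (p[0] & 0x80) return -1;                            /* a negative TTL is meaningless */
    long v = 0;
    for (long i = 0; i < l; i++) v = (v << 8) | p[i];
    return v;
}

int main(void) {
    uint8_t req[4096];
    long n = ttl_encode_refresh_request("cn=a,dc=b", 3600, req, sizeof req);  /* constructed DN */
    for (long i = 0; i < n; i++) printf("%02x ", req[i]);
    printf("\n");
    /* With Winldap.h the request would be sent as (not compiled here):
       struct berval data; data.bv_len = (ULONG)n; data.bv_val = (PCHAR)req;
       struct berval *resp = NULL;
       ULONG rc = ldap_extended_operation_s(ld, LDAP_TTL_EXTENDED_OP_OID, &data,
                                            NULL, NULL, NULL, &resp);
       if (rc == LDAP_SUCCESS) ttl = ttl_decode_refresh_response((uint8_t *)resp->bv_val, resp->bv_len);
       ber_bvfree(resp); */
    static const uint8_t resp[] = { 0x30, 0x05, 0x02, 0x03, 0x01, 0x51, 0x80 };  /* constructed: 86400 */
    printf("server-dictated TTL: %ld\n", ttl_decode_refresh_response(resp, sizeof resp));
    return 0;
}
```

Two points the page makes are visible in the code: the client validates requestTtl against the 1..31557600 range before encoding, and whatever the decoder returns from the response (86400 in the constructed reply, the 24-hour floor the page mentions) is the value the client must schedule its next refresh against, not the value it asked for.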

Requirements

Minimum supported client: Windows Vista
Minimum supported server: Windows Server 2008
Header: Winldap.h