LDAP servers often add support for additional functionality via controls and extended operations.
These can be useful when integrating a connected system via an LDAP shim (LDAP, AD, MDAD, etc.)

Some controls are enabled by the shim by default or by detection of server functionality during auth.

However, there are additional controls that could be useful to be enabled.

As with the REST driver, it could be possible to support enable/disable of LDAP controls on a per command basis using driver-operation-data.

Several LDAP controls have been mentioned in previous enhancement requests, bugs and forum posts. This suggestion is about a more generic way to solve all these problems. Especially as OIDs for such controls vary from vendor to vendor.

Examples include permissive modify, subtree delete, proxy

Proposal is that only "stateless" controls are supported. i.e. controls that only impact the current operation/command.

Controls which require additional configuration that could not be represented in an equivalent LDIF or need to establish a persistent session with the server conflict shall not be supported.

by: Alex M. | over a year ago | Other