| Directory Services |
While session support can be initiated, maintained, and terminated without a single LDAP control or extended operation included in the DSML operations, the typical usage of a DSML session is to support LDAP controls and extended operations, which require a session to handle the multiple request-response communications.
To help determine when DSML sessions are required, LDAP controls and extended operations are categorized into four types:
For example, a page size control or VLV control.
For example, tombstone, sort, or dirsync controls.
Because the LDAP control mechanism is extensible, you can create a new LDAP control or an extended operation that is not recognized by the DSML V2 server.
Controls not supported by the server.
The following table lists behavior that can be expected in session and stateless requests.
| Control type | Session request | Stateless request |
|---|---|---|
| Session support required controls | Allowed. | Forbidden. Error response will be generated. |
| Stateless controls | Allowed. Behavior should be identical to stateless. | Allowed. |
| Unknown controls | Allowed. | Forbidden. Error reponse will be generated. |
| Forbidden controls | Forbidden. Error response will be generated. | Forbidden. Error response will be generated. |
The following table lists the set of LDAP controls and extended operations that are currently supported in Active Directory.
| LDAP OID | Name | Description | Control type |
|---|---|---|---|
| 1.2.840.113556.1.4.319 | LDAP_PAGED_RESULT_OID_STRING | Paged search control | Session required |
| 1.2.840.113556.1.4.417 | LDAP_SERVER_SHOW_DELETED_OID | Show deleted control | Stateless |
| 1.2.840.113556.1.4.473 | LDAP_SERVER_SORT_OID | Server sort control | Stateless |
| 1.2.840.113556.1.4.521 | LDAP_SERVER_CROSSDOM_MOVE_TARGET_OID | Cross-domain move control | Stateless |
| 1.2.840.113556.1.4.528 | LDAP_SERVER_NOTIFICATION_OID | Server search notification control | Stateless |
| 1.2.840.113556.1.4.529 | LDAP_SERVER_EXTENDED_DN_OID | Extended DN control | Stateless |
| 1.2.840.113556.1.4.619 | LDAP_SERVER_LAZY_COMMIT_OID | Lazy commit control | Stateless |
| 1.2.840.113556.1.4.801 | LDAP_SERVER_SD_FLAGS_OID | Security descriptor flags control | Stateless |
| 1.2.840.113556.1.4.805 | LDAP_SERVER_TREE_DELETE_OID | Tree delete control | Stateless |
| 1.2.840.113556.1.4.841 | LDAP_SERVER_DIRSYNC_OID | Directory synchronization control | Stateless |
| 1.2.840.113556.1.4.970 | --- | Get stats control (internal) | Stateless |
| 1.2.840.113556.1.4.1338 | LDAP_SERVER_VERIFY_NAME_OID | Verify name control | Stateless |
| 1.2.840.113556.1.4.1339 | LDAP_SERVER_DOMAIN_SCOPE_OID | Domain scope control | Stateless |
| 1.2.840.113556.1.4.1340 | LDAP_SERVER_SEARCH_OPTIONS_OID | Search options control | Stateless |
| 1.2.840.113556.1.4.1413 | LDAP_SERVER_PERMISSIVE_MODIFY_OID | Permissive modify control | Stateless |
| 1.2.840.113556.1.4.1504 | LDAP_SERVER_ASQ_OID | Attribute scoped query control | Stateless |
| 1.2.840.113556.1.4.1781 | LDAP_SERVER_FAST_BIND_OID | Fast concurrent bind extended operation | Forbidden |
| 1.3.6.1.4.1.1466.101.119.1 | --- | TTL refresh extended operation | Stateless |
| 1.3.6.1.4.1.1466.20037 | LDAP_START_TLS_OID | Start TLS extended operation | Forbidden |
| 2.16.840.1.113730.3.4.9 | LDAP_CONTROL_VLVREQUEST | VLV request control | Session required |