The LDAP_SERVER_VERIFY_NAME_OID control is used with extended LDAP add and modify requests to tell the DC accepting the update which DC it should use to verify the existence of any DN attribute values.
To use this control, set the members of the LDAPControl structure as follows:
    PWCHAR ldctl_oid = LDAP_SERVER_VERIFY_NAME_OID;
    struct berval ldctl_value;
    BOOLEAN ldctl_iscritical;
The Verify Name control is used with the extended search functions, such as ldap_search_ext, to specify the specific server used to verify an object's existence. The ldctl_value field is set to the following BER-encoded sequence:
    Sequence {
        Flags       INTEGER
        ServerName  OCTET STRING    // Unicode server string
    }
The ber_printf routine is used to create the sequence data. The flags portion is set to 0, and the ServerName is a Unicode string that contains the fully qualified DNS name of the server to contact for verification.
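Added example (not from the original page or from Microsoft's code): a stand-alone C encoder that builds the ldctl_value bytes by hand, so the layout of the sequence above can be inspected without Winldap. It assumes "Unicode" means UTF-16LE with no terminator and an ASCII-only server name; encode_verify_name and dc1.example.test are hypothetical, and ber_printf may choose a different but equivalent length encoding.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Write a BER definite length: short form, or long form with 1-2 octets. */
static size_t put_len(uint8_t *out, size_t len) {
    if (len < 0x80) { out[0] = (uint8_t)len; return 1; }
    if (len < 0x100) { out[0] = 0x81; out[1] = (uint8_t)len; return 2; }
    out[0] = 0x82; out[1] = (uint8_t)(len >> 8); out[2] = (uint8_t)len;
    return 3;
}

/* Encode Sequence { Flags INTEGER, ServerName OCTET STRING } into out.
 * Assumptions: server is an ASCII DNS name, widened to UTF-16LE with no
 * terminator; flags is 0..127 (the page sets it to 0).
 * Returns bytes written, or 0 on bad input or when cap is too small. */
size_t encode_verify_name(const char *server, int flags,
                          uint8_t *out, size_t cap) {
    uint8_t scratch[3];
    size_t n, i, name_len, body_len, pos = 0;
    if (!server || !out || flags < 0 || flags > 127) return 0;
    n = strlen(server);
    if (n == 0 || n > 255) return 0;           /* empty or oversized name */
    for (i = 0; i < n; i++)                    /* refuse non-ASCII input  */
        if ((unsigned char)server[i] >= 0x80) return 0;

    name_len = 2 * n;                          /* bytes of UTF-16LE */
    body_len = 3 + 1 + put_len(scratch, name_len) + name_len;
    if (cap < 1 + put_len(scratch, body_len) + body_len) return 0;

    out[pos++] = 0x30;                         /* SEQUENCE */
    pos += put_len(out + pos, body_len);
    out[pos++] = 0x02; out[pos++] = 0x01;      /* INTEGER, length 1 */
    out[pos++] = (uint8_t)flags;
    out[pos++] = 0x04;                         /* OCTET STRING */
    pos += put_len(out + pos, name_len);
    for (i = 0; i < n; i++) {
        out[pos++] = (uint8_t)server[i];       /* low byte first */
        out[pos++] = 0x00;
    }
    return pos;
}

int main(void) {                               /* constructed sample name */
    uint8_t buf[600];
    size_t i, n = encode_verify_name("dc1.example.test", 0, buf, sizeof buf);
    for (i = 0; i < n; i++) printf("%02x", buf[i]);
    putchar('\n'); return n ? 0 : 1;
}
```

The returned length and buffer correspond to the bv_len and bv_val members of ldctl_value.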
When a DN-valued attribute is updated with new values, the DC on which the update occurs verifies that an object with the new DN exists somewhere in the forest. The DC will first check to see if the object is held locally, and failing that, the DC will find a GC and ask the GC if it knows about an object with the new DN.
Applications will sometimes need to create an object and at the same time update an attribute on another existing object to add a reference to the newly created object. If both objects are on the same DC, the application can create the new object and then modify the second object's attribute (adding a reference to the first object) without having to consider replication update times.
However, if the two objects are in different domains and therefore held on two different DCs, when the application attempts to modify the attribute of the second object to add a reference to the first newly created object, it is impossible for the application to know if sufficient time has passed for the newly created object to replicate to the GC used by the second object. The LDAP_SERVER_VERIFY_NAME_OID control allows the application to specify the DN of the newly created object so the verification check performed by the attribute update call of the second object does not fail due to replication update lag.
Client: Included in Windows XP and Windows 2000 Professional.
Server: Included in Windows Server 2003 and Windows 2000 Server.
Redistributable: Requires Active Directory Client Extension on Windows NT 4.0 SP6a and Windows 95/98/Me.
Header: Declared in Winldap.h.