ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzahy_5.4.0.1/rzahyoids.htm

549 lines
22 KiB
HTML
Raw Permalink Normal View History

2024-04-02 14:02:31 +00:00
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en-US" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="dc.language" scheme="rfc1766" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<meta name="dc.date" scheme="iso8601" content="2005-09-06" />
<meta name="copyright" content="(C) Copyright IBM Corporation 1998, 2006" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow"/>
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<title>Directory Server (LDAP) - Object identifiers (OIDs)</title>
<link rel="stylesheet" type="text/css" href="ibmidwb.css" />
<link rel="stylesheet" type="text/css" href="ic.css" />
</head>
<body>
<a id="Top_Of_Page" name="Top_Of_Page"></a><!-- Java sync-link -->
<script language = "Javascript" src = "../rzahg/synch.js" type="text/javascript"></script>
<img src="delta.gif" alt="Start of change" />
<a name="rzahyoids"></a>
<h2 id="rzahyoids">Object identifiers (OIDs)</h2>
<p>The OIDs shown in the following tables are used in the Directory Server.
These OIDs are in the root DSE. The root DSE entry contains information about
the server itself.</p>
<p><span class="bold">Controls</span></p>
<a name="wq406"></a>
<table id="wq406" width="100%" summary="" border="1" frame="border" rules="all" class="singleborder">
<caption>Table 8. Supported Directory Server controls</caption>
<thead valign="bottom">
<tr class="tablemainheaderbar">
<th id="wq407" width="23%" align="left" valign="top">Name</th>
<th id="wq408" width="27%" align="left" valign="top">OID</th>
<th id="wq409" width="15%" align="left" valign="top">Earliest or i5/OS or OS/400 release</th>
<th id="wq410" width="14%" align="left" valign="top">Earliest IBM Directory Server version</th>
<th id="wq411" width="20%" align="left" valign="top">Description</th>
</tr>
</thead>
<tbody valign="top">
<tr>
<td headers="wq407">Manage DSA IT</td>
<td headers="wq408">2.16.840.1.1137.30.3.4.2</td>
<td headers="wq409">V4R5</td>
<td headers="wq410">V3.2</td>
<td headers="wq411">Treat referral entries as regular entries.</td>
</tr>
<tr>
<td headers="wq407"><a href="rzahytraco.htm#rzahytraco">Transactions</a></td>
<td headers="wq408">1.3.18.0.2.10.5</td>
<td headers="wq409">V4R5</td>
<td headers="wq410">V3.2</td>
<td headers="wq411">Mark an operation as part of a transaction.</td>
</tr>
<tr>
<td headers="wq407"> os400-dltusrprf-ownobjopt</td>
<td headers="wq408">1.3.18.0.2.10.8</td>
<td headers="wq409">V5R2</td>
<td headers="wq410"></td>
<td headers="wq411">Delete user profile option for object owner. See <a href="rzahyprojbkend.htm#rzahyprojbkend">Operating system projected backend</a> for details.</td>
</tr>
<tr>
<td headers="wq407">os400-dltusrprf-pgpopt</td>
<td headers="wq408">1.3.18.0.2.10.9</td>
<td headers="wq409">V5R2</td>
<td headers="wq410"></td>
<td headers="wq411">Delete user profile option for primary group. See <a href="rzahyprojbkend.htm#rzahyprojbkend">Operating system projected backend</a> for details.</td>
</tr>
<tr>
<td headers="wq407">Sorted search</td>
<td headers="wq408">1.2.840.113556.1.4.473 (request) and 1.2.840.113556.1.4.474
(response)</td>
<td headers="wq409">V5R2 with PTF</td>
<td headers="wq410">V4.1</td>
<td headers="wq411">Sort search results before returning the entries to
the client. See <a href="rzahysearchpar.htm#rzahysearchpar">Search parameters</a>.</td>
</tr>
<tr>
<td headers="wq407">Paged search</td>
<td headers="wq408">1.2.840.113556.1.4.319</td>
<td headers="wq409">V5R2 with PTF</td>
<td headers="wq410">V4.1</td>
<td headers="wq411">Return search results in pages to the client instead
of all at once. See <a href="rzahysearchpar.htm#rzahysearchpar">Search parameters</a>.</td>
</tr>
<tr>
<td headers="wq407">Tree Delete control</td>
<td headers="wq408">1.2.840.113556.1.4.805</td>
<td headers="wq409">V5R3</td>
<td headers="wq410">V5.1</td>
<td headers="wq411">This control is attached to a Delete request to indicate
that the specified entry and all descendant entries are to be deleted. User
must be a directory administrator. The entry to be deleted cannot be a replication
context.</td>
</tr>
<tr>
<td headers="wq407"><a href="rzahypwdpolicy.htm#rzahypwdpolicy">Password policy</a></td>
<td headers="wq408">1.3.6.1.4.1.42.2.27.8.5.1</td>
<td headers="wq409">V5R3</td>
<td headers="wq410">V5.1</td>
<td headers="wq411">Return extra password policy error information to the
client.</td>
</tr>
<tr>
<td headers="wq407">Server administration</td>
<td headers="wq408">1.3.18.0.2.10.15</td>
<td headers="wq409">V5R3</td>
<td headers="wq410">V5.1</td>
<td headers="wq411">Permits the administrator to perform repair operations
that would normally be refused (for example: update a read-only replica, update
a quiesced server, or set certain operational attributes).</td>
</tr>
<tr>
<td headers="wq407"><a href="rzahyproxyauth.htm#rzahyproxyauth">Proxy authorization</a></td>
<td headers="wq408">2.16.840.1.113730.3.4.18</td>
<td headers="wq409">V5R4</td>
<td headers="wq410">V5.2</td>
<td headers="wq411">Client application can bind to the directory with its
own identity but is allowed to perform operations on behalf of another.</td>
</tr>
<tr>
<td headers="wq407">Replication supplier bind control</td>
<td headers="wq408">1.3.18.0.2.10.18</td>
<td headers="wq409">V5R3</td>
<td headers="wq410">V5.2</td>
<td headers="wq411">This control is added by supplier, if the supplier is
a gateway server.</td>
</tr>
</tbody>
</table>
<p><span class="bold">Extended operations</span></p>
<a name="wq412"></a>
<table id="wq412" width="100%" summary="" border="1" frame="border" rules="all" class="singleborder">
<caption>Table 9. OIDs for extended operations</caption>
<thead valign="bottom">
<tr class="tablemainheaderbar">
<th id="wq413" width="19%" align="left" valign="top">Name</th>
<th id="wq414" width="21%" align="left" valign="top">OID</th>
<th id="wq415" width="16%" align="left" valign="top">Earliest i5/OS or OS/400 release</th>
<th id="wq416" width="12%" align="left" valign="top">Earliest IBM Directory Server version</th>
<th id="wq417" width="30%" align="left" valign="top">Description</th>
</tr>
</thead>
<tbody valign="top">
<tr>
<td headers="wq413">Register for events</td>
<td headers="wq414">1.3.18.0.2.12.1</td>
<td headers="wq415">V4R5</td>
<td headers="wq416">V3.2</td>
<td headers="wq417">Request registration for events in SecureWay V3.2 Event
Support</td>
</tr>
<tr>
<td headers="wq413">Unregister for events</td>
<td headers="wq414">1.3.18.0.2.12.3</td>
<td headers="wq415">V4R5</td>
<td headers="wq416">V3.2</td>
<td headers="wq417">Ungister for events that were registered for using an
Event Registration Request.</td>
</tr>
<tr>
<td headers="wq413">Begin transaction</td>
<td headers="wq414">1.3.18.0.2.12.5</td>
<td headers="wq415">V4R5</td>
<td headers="wq416">V3.2</td>
<td headers="wq417">Begin a Transactional context for SecureWay V3.2</td>
</tr>
<tr>
<td headers="wq413">End transaction</td>
<td headers="wq414">1.3.18.0.2.12.6</td>
<td headers="wq415">V4R5</td>
<td headers="wq416">V3.2</td>
<td headers="wq417">End Transactional context (commit/rollback) for SecureWay
V3.2</td>
</tr>
<tr>
<td headers="wq413">DN normalize request</td>
<td headers="wq414">1.3.18.0.2.12.30</td>
<td headers="wq415">V5R3</td>
<td headers="wq416">V5.1</td>
<td headers="wq417">Request to normalize a DN or a sequence of DNs.</td>
</tr>
<tr>
<td headers="wq413">StartTLS</td>
<td headers="wq414">1.3.6.1.4.1.1466.20037</td>
<td headers="wq415">V5R4</td>
<td headers="wq416">V5.2</td>
<td headers="wq417">Request to start Transport Layer Security.</td>
</tr>
</tbody>
</table>
<p>Additional extended operations are defined which are not intended to be
started by a client. These operations are used through the ldapexop utility
or through operations performed by the Web administration tool. These operations,
and the authority required to start them are listed below:</p>
<a name="wq418"></a>
<table id="wq418" width="100%" summary="" border="1" frame="border" rules="all" class="singleborder">
<caption>Table 10. Additional extended operations</caption>
<thead valign="bottom">
<tr class="tablemainheaderbar">
<th id="wq419" width="19%" align="left" valign="top">Name</th>
<th id="wq420" width="21%" align="left" valign="top">OID</th>
<th id="wq421" width="14%" align="left" valign="top">Earliest i5/OS release</th>
<th id="wq422" width="12%" align="left" valign="top">Earliest IBM Directory Server version</th>
<th id="wq423" width="32%" align="left" valign="top">Description</th>
</tr>
</thead>
<tbody valign="top">
<tr>
<td headers="wq419">Control replication</td>
<td headers="wq420">1.3.18.0.2.12.16</td>
<td headers="wq421">V5R3</td>
<td headers="wq422">V5.1</td>
<td headers="wq423">This operation performs the requested action on the
server it is issued to and cascades the call to all consumers beneath it in
the replication topology. The client must be the directory administrator
or have write authority to ibm-replicagroup=default object for the associated
replication context.</td>
</tr>
<tr>
<td headers="wq419">Control replication queue</td>
<td headers="wq420">1.3.18.0.2.12.17</td>
<td headers="wq421">V5R3</td>
<td headers="wq422">V5.1</td>
<td headers="wq423">This operation marks items as <tt class="xph">already
replicated</tt> for a specified agreement. This operation is allowed only
when the client has write authority to the replication agreement.</td>
</tr>
<tr>
<td headers="wq419">Quiesce or unquiesce</td>
<td headers="wq420">1.3.18.0.2.12.19</td>
<td headers="wq421">V5R3</td>
<td headers="wq422">V5.1</td>
<td headers="wq423">This operation puts the subtree into a state where it
does not accept client updates (or terminates this state), except for those
from clients authenticated as a directory administrator where the Server Administration
control is present. The client must be authenticated as the directory administrator
or have write authority to the ibm-replicagroup=default object for the associated
replication context.</td>
</tr>
<tr>
<td headers="wq419">Cascading control replication</td>
<td headers="wq420">1.3.18.0.2.12.15</td>
<td headers="wq421">V5R3</td>
<td headers="wq422">V5.1</td>
<td headers="wq423">This operation performs the requested action on the
server it is issued to and cascades the call to all consumers beneath it in
the replication topology. The client must be the directory administrator
or have write authority to ibm-replicagroup=default object for the associated
replication context.</td>
</tr>
<tr>
<td headers="wq419">Update configuration</td>
<td headers="wq420">1.3.18.0.2.12.28</td>
<td headers="wq421">V5R3</td>
<td headers="wq422">V5.1</td>
<td headers="wq423">This operation is used to cause the server to reread
specified settings from its configuration. The operation is allowed only
when the client is the directory administrator.</td>
</tr>
<tr>
<td headers="wq419">Kill Connection Request</td>
<td headers="wq420">1.3.18.0.2.12.35</td>
<td headers="wq421">V5R4</td>
<td headers="wq422">V5.2</td>
<td headers="wq423">Request to kill connections on the server.</td>
</tr>
<tr>
<td headers="wq419">Unique attribute request</td>
<td headers="wq420">1.3.18.0.2.12.44</td>
<td headers="wq421">V5R4</td>
<td headers="wq422">V5.2</td>
<td headers="wq423">Requests the server to return a list of all non-unique
values for a given attribute name. See <a href="rzahyldapexop.htm#rzahyldapexop">ldapexop</a> -op uniqueattr.</td>
</tr>
<tr>
<td headers="wq419">Attribute type request</td>
<td headers="wq420">1.3.18.0.2.12.46</td>
<td headers="wq421">V5R4</td>
<td headers="wq422">V5.2</td>
<td headers="wq423">Requests the server to return a list of names of attributes
having a particular characteristic. See <a href="rzahyldapexop.htm#rzahyldapexop">ldapexop</a> -op
getattributes</td>
</tr>
<tr>
<td headers="wq419">Control server tracing</td>
<td headers="wq420">1.3.18.0.2.12.40</td>
<td headers="wq421">V5R3</td>
<td headers="wq422">V5.2</td>
<td headers="wq423">Activate or deactivate tracing in the IBM Directory
Server.</td>
</tr>
<tr>
<td headers="wq419">User type request</td>
<td headers="wq420">1.3.18.0.2.12.37</td>
<td headers="wq421">V5R3</td>
<td headers="wq422">V5.2</td>
<td headers="wq423">Request to get User Type of the bound user.</td>
</tr>
</tbody>
</table>
<p><span class="bold">Supported and enabled capabilities</span></p>
<p>The following table shows OIDs for supported and enabled capabilities.
You can use these OIDs to see if a particular server supports these features.</p>
<a name="wq424"></a>
<table id="wq424" width="100%" summary="" border="1" frame="border" rules="all" class="singleborder">
<caption>Table 11. OIDs for supported and enabled capabilities</caption>
<thead valign="bottom">
<tr valign="bottom">
<th id="wq425" width="33%" align="left" valign="top">Name</th>
<th id="wq426" width="17%" align="left">OID</th>
<th id="wq427" width="49%" align="left">Description</th>
</tr>
</thead>
<tbody valign="top">
<tr>
<td headers="wq425">Enhanced Replication Model</td>
<td headers="wq426">1.3.18.0.2.32.1</td>
<td headers="wq427">Identifies the replication model introduced in IBM Directory
Server v5.1 including subtree and cascading replication.</td>
</tr>
<tr>
<td headers="wq425">Entry Checksum</td>
<td headers="wq426">1.3.18.0.2.32.2</td>
<td headers="wq427">Indicates that this server supports the ibm-entrychecksum
and ibm-entrychecksumop features.</td>
</tr>
<tr>
<td headers="wq425">Entry UUID</td>
<td headers="wq426">1.3.18.0.2.32.3</td>
<td headers="wq427">Identifies that this server supports the ibm-entryuuid
operational attribute.</td>
</tr>
<tr>
<td headers="wq425">Filter ACLs</td>
<td headers="wq426">1.3.18.0.2.32.4</td>
<td headers="wq427">Identifies that this server supports the IBM Filter
ACL model.</td>
</tr>
<tr>
<td headers="wq425">Password Policy</td>
<td headers="wq426">1.3.18.0.2.32.5</td>
<td headers="wq427">Identifies that this server supports password policies</td>
</tr>
<tr>
<td headers="wq425">Sort by DN</td>
<td headers="wq426">1.3.18.0.2.32.6</td>
<td headers="wq427">Indicates that this server supports using the ibm-slapdDn
attribute to sort by DN.</td>
</tr>
<tr>
<td headers="wq425">Administrative Group Delegation</td>
<td headers="wq426">1.3.18.0.2.32.8</td>
<td headers="wq427">Server supports the delegation of server administration
to a group of administrators that are specified in the configuration backend.</td>
</tr>
<tr>
<td headers="wq425">Denial of Service Prevention</td>
<td headers="wq426">1.3.18.0.2.32.9</td>
<td headers="wq427">Server supports the denial of service prevention feature.
Including read/write time-outs and the emergency thread.</td>
</tr>
<tr>
<td headers="wq425">Entry And Subtree Dynanic Updates</td>
<td headers="wq426">1.3.18.0.2.32.15</td>
<td headers="wq427">The server supports dynamic configuration updates on
entries and subtrees</td>
</tr>
<tr>
<td headers="wq425">Dereference Alias Option</td>
<td headers="wq426">1.3.18.0.2.32.10</td>
<td headers="wq427">Server supports an option to not dereference Aliases
by default</td>
</tr>
<tr>
<td headers="wq425">Group-Specific Search Limits</td>
<td headers="wq426">1.3.18.0.2.32.17</td>
<td headers="wq427">Group-Specific Search Limits supports extended search
limits for a group of people</td>
</tr>
<tr>
<td headers="wq425">Dynamic Tracing</td>
<td headers="wq426">1.3.18.0.2.32.14</td>
<td headers="wq427">Server supports active tracing for the server with an
LDAP extended operation.</td>
</tr>
<tr>
<td headers="wq425">TLS Capabilities</td>
<td headers="wq426">1.3.18.0.2.32.28</td>
<td headers="wq427">Specifies that the server is actually capable of doing
TLS.</td>
</tr>
<tr>
<td headers="wq425">Admin Daemon Auditing</td>
<td headers="wq426">1.3.18.0.2.32.11</td>
<td headers="wq427">Server supports the auditing of the admin daemon.</td>
</tr>
<tr>
<td headers="wq425">Kerberos Capabilities</td>
<td headers="wq426">1.3.18.0.2.32.30</td>
<td headers="wq427">Specifies that the server is actually capable of doing
Kerberos.</td>
</tr>
<tr>
<td headers="wq425">Non-blocking Replication</td>
<td headers="wq426">1.3.18.0.2.32.29</td>
<td headers="wq427">Supplier does not always retry sending an update if
consumer returns an error</td>
</tr>
<tr>
<td headers="wq425">ibm-allMembers and ibm-allGroups operational attributes</td>
<td headers="wq426">1.3.18.0.2.32.31</td>
<td headers="wq427">The backend supports static, dynamic, and nested group
searching via the ibm-allMembers and ibm-allGroups operational attributes.
The members of a static, dynamic and/or nested group can be obtained by performing
a search on the ibm-allMembers operational attribute. The static, dynamic,
and/or nested groups that a member DN belongs to can be obtained by performing
a search on the ibm-allGroups operational attribute.</td>
</tr>
<tr>
<td headers="wq425">Globally Unique Attributes</td>
<td headers="wq426">1.3.18.0.2.32.16</td>
<td headers="wq427">The server feature to enforce globally unique attribute
values.</td>
</tr>
<tr>
<td headers="wq425">Monitor Operation Counts</td>
<td headers="wq426">1.3.18.0.2.32.24</td>
<td headers="wq427">The server provides monitor operation counts for initiated
and completed operation types.</td>
</tr>
<tr>
<td headers="wq425">Monitor Logging Counts</td>
<td headers="wq426">1.3.18.0.2.32.20</td>
<td headers="wq427">The server provides monitor logging counts for messages
added to server, CLI, and audit log files.</td>
</tr>
<tr>
<td headers="wq425">Monitor Connection Type Counts</td>
<td headers="wq426">1.3.18.0.2.32.22</td>
<td headers="wq427">The server provides monitor connection type counts for
SSL and TLS connections.</td>
</tr>
<tr>
<td headers="wq425">Monitor Active Workers Info</td>
<td headers="wq426">1.3.18.0.2.32.21</td>
<td headers="wq427">The server provides monitor information for active workers
(cn=workers,cn=monitor).</td>
</tr>
<tr>
<td headers="wq425">Monitor Connections Info</td>
<td headers="wq426">1.3.18.0.2.32.23</td>
<td headers="wq427">The server provides monitor information for connections
by IP address instead of connection ID (cn=connections, cn=monitor).</td>
</tr>
<tr>
<td headers="wq425">Monitor Tracing Info</td>
<td headers="wq426">1.3.18.0.2.32.25</td>
<td headers="wq427">The server provides monitor information for tracing
options currently being used.</td>
</tr>
<tr>
<td headers="wq425">Attribute Caching Search Filter Resolution</td>
<td headers="wq426">1.3.18.0.2.32.13</td>
<td headers="wq427">The server supports attribute caching for search filter
resolution.</td>
</tr>
<tr>
<td headers="wq425">Proxy Authorization</td>
<td headers="wq426">1.3.18.0.2.32.27</td>
<td headers="wq427">Server supports Proxy Authorization for a group of users.</td>
</tr>
<tr>
<td headers="wq425">Language tag option support</td>
<td headers="wq426">1.3.6.1.4.1.4203.1.5.4</td>
<td headers="wq427">Indicates server supports language tags as defined in
RFC 2596.</td>
</tr>
<tr>
<td headers="wq425">Max Age ChangeLog Entries</td>
<td headers="wq426">1.3.18.0.2.32.19</td>
<td headers="wq427">Specifies that the server is capable of retaining changelog
entries bases on age.</td>
</tr>
<tr>
<td headers="wq425">IBMpolicies Replication Subtree</td>
<td headers="wq426">1.3.18.0.2.32.18</td>
<td headers="wq427">Server supports the replication of the cn=IBMpolicies
subtree.</td>
</tr>
<tr>
<td headers="wq425">NULL base subtree search</td>
<td headers="wq426">1.3.18.0.2.32.26</td>
<td headers="wq427">Server allows null based subtree search which searches
the entire DIT defined in the server.</td>
</tr>
<tr>
<td headers="wq425">autonomic attribute cache</td>
<td headers="wq426">1.3.18.0.2.32.50</td>
<td headers="wq427">Supports autonomic attribute caching</td>
</tr>
<tr>
<td headers="wq425">ibm-entrychecksumop</td>
<td headers="wq426">1.3.18.0.2.32.56</td>
<td headers="wq427">The 6.0 IDS ibm-entrychecksumop functionality</td>
</tr>
</tbody>
</table>
<p><span class="bold">OIDs for ACL mechanisms</span></p>
<p>The following table shows the OIDs for ACL mechanisms.</p>
<a name="wq428"></a>
<table id="wq428" width="100%" summary="" border="1" frame="border" rules="all" class="singleborder">
<caption>Table 12. OIDs for ACL mechanisms</caption>
<thead valign="bottom">
<tr valign="bottom">
<th id="wq429" align="left" valign="top">Name</th>
<th id="wq430" align="left">OID</th>
<th id="wq431" align="left">Description</th>
</tr>
</thead>
<tbody valign="top">
<tr>
<td headers="wq429">IBM SecureWay V3.2 ACL Model</td>
<td headers="wq430">1.3.18.0.2.26.2</td>
<td headers="wq431">Indicates that the LDAP server supports the IBM SecureWay
V3.2 ACL model</td>
</tr>
<tr>
<td headers="wq429">IBM Filter Based ACL Mechanism</td>
<td headers="wq430">1.3.18.0.2.26.3</td>
<td headers="wq431">Indicates that the LDAP server supports IBM Directory
Server v5.1 filter based ACLs</td>
</tr>
<tr>
<td headers="wq429">System Restricted ACL Support</td>
<td headers="wq430">1.3.18.0.2.26.4</td>
<td headers="wq431">Indicates server supports system and restricted access
class in ACL entries.</td>
</tr>
</tbody>
</table><img src="deltaend.gif" alt="End of change" />
<a id="Bot_Of_Page" name="Bot_Of_Page"></a>
</body>
</html>