Controls for LDAP APIs

Certain LDAP Version 3 operations can be extended with the use of controls. Controls can be sent to a server, or returned to the client with any LDAP message. This type of control is called a server control.

The LDAP API also supports a client-side extension mechanism, which can be used to define client controls. The client-side controls affect the behavior of the LDAP client library, and are never sent to the server. Note that client-side controls are not defined for this client library.

A common data structure is used to represent both server-side and client-side controls:

      typedef struct ldapcontrol {
              char            *ldctl_oid;
              struct berval   ldctl_value;
              char            ldctl_iscritical;
      } LDAPControl, *PLDAPControl;

The LDAPControl fields have the following definitions:

ldctl_oid The control type, represented as a string.
ldctl_value The data associated with the control. Note that the control may not include data.
ldctl_iscritical Whether the control is critical. If the field is nonzero, the operation will be carried out only if it is recognized and supported by the server (or the client for client-side controls).


Directory Services APIs | APIs by category