The OIDs shown in the following tables are used in the Directory Server. These OIDs are in the root DSE. The root DSE entry contains information about the server itself.
Controls
| Name | OID | Earliest or i5/OS or OS/400 release | Earliest IBM Directory Server version | Description |
|---|---|---|---|---|
| Manage DSA IT | 2.16.840.1.1137.30.3.4.2 | V4R5 | V3.2 | Treat referral entries as regular entries. |
| Transactions | 1.3.18.0.2.10.5 | V4R5 | V3.2 | Mark an operation as part of a transaction. |
| os400-dltusrprf-ownobjopt | 1.3.18.0.2.10.8 | V5R2 | Delete user profile option for object owner. See Operating system projected backend for details. | |
| os400-dltusrprf-pgpopt | 1.3.18.0.2.10.9 | V5R2 | Delete user profile option for primary group. See Operating system projected backend for details. | |
| Sorted search | 1.2.840.113556.1.4.473 (request) and 1.2.840.113556.1.4.474 (response) | V5R2 with PTF | V4.1 | Sort search results before returning the entries to the client. See Search parameters. |
| Paged search | 1.2.840.113556.1.4.319 | V5R2 with PTF | V4.1 | Return search results in pages to the client instead of all at once. See Search parameters. |
| Tree Delete control | 1.2.840.113556.1.4.805 | V5R3 | V5.1 | This control is attached to a Delete request to indicate that the specified entry and all descendant entries are to be deleted. User must be a directory administrator. The entry to be deleted cannot be a replication context. |
| Password policy | 1.3.6.1.4.1.42.2.27.8.5.1 | V5R3 | V5.1 | Return extra password policy error information to the client. |
| Server administration | 1.3.18.0.2.10.15 | V5R3 | V5.1 | Permits the administrator to perform repair operations that would normally be refused (for example: update a read-only replica, update a quiesced server, or set certain operational attributes). |
| Proxy authorization | 2.16.840.1.113730.3.4.18 | V5R4 | V5.2 | Client application can bind to the directory with its own identity but is allowed to perform operations on behalf of another. |
| Replication supplier bind control | 1.3.18.0.2.10.18 | V5R3 | V5.2 | This control is added by supplier, if the supplier is a gateway server. |
Extended operations
| Name | OID | Earliest i5/OS or OS/400 release | Earliest IBM Directory Server version | Description |
|---|---|---|---|---|
| Register for events | 1.3.18.0.2.12.1 | V4R5 | V3.2 | Request registration for events in SecureWay V3.2 Event Support |
| Unregister for events | 1.3.18.0.2.12.3 | V4R5 | V3.2 | Ungister for events that were registered for using an Event Registration Request. |
| Begin transaction | 1.3.18.0.2.12.5 | V4R5 | V3.2 | Begin a Transactional context for SecureWay V3.2 |
| End transaction | 1.3.18.0.2.12.6 | V4R5 | V3.2 | End Transactional context (commit/rollback) for SecureWay V3.2 |
| DN normalize request | 1.3.18.0.2.12.30 | V5R3 | V5.1 | Request to normalize a DN or a sequence of DNs. |
| StartTLS | 1.3.6.1.4.1.1466.20037 | V5R4 | V5.2 | Request to start Transport Layer Security. |
Additional extended operations are defined which are not intended to be started by a client. These operations are used through the ldapexop utility or through operations performed by the Web administration tool. These operations, and the authority required to start them are listed below:
| Name | OID | Earliest i5/OS release | Earliest IBM Directory Server version | Description |
|---|---|---|---|---|
| Control replication | 1.3.18.0.2.12.16 | V5R3 | V5.1 | This operation performs the requested action on the server it is issued to and cascades the call to all consumers beneath it in the replication topology. The client must be the directory administrator or have write authority to ibm-replicagroup=default object for the associated replication context. |
| Control replication queue | 1.3.18.0.2.12.17 | V5R3 | V5.1 | This operation marks items as already replicated for a specified agreement. This operation is allowed only when the client has write authority to the replication agreement. |
| Quiesce or unquiesce | 1.3.18.0.2.12.19 | V5R3 | V5.1 | This operation puts the subtree into a state where it does not accept client updates (or terminates this state), except for those from clients authenticated as a directory administrator where the Server Administration control is present. The client must be authenticated as the directory administrator or have write authority to the ibm-replicagroup=default object for the associated replication context. |
| Cascading control replication | 1.3.18.0.2.12.15 | V5R3 | V5.1 | This operation performs the requested action on the server it is issued to and cascades the call to all consumers beneath it in the replication topology. The client must be the directory administrator or have write authority to ibm-replicagroup=default object for the associated replication context. |
| Update configuration | 1.3.18.0.2.12.28 | V5R3 | V5.1 | This operation is used to cause the server to reread specified settings from its configuration. The operation is allowed only when the client is the directory administrator. |
| Kill Connection Request | 1.3.18.0.2.12.35 | V5R4 | V5.2 | Request to kill connections on the server. |
| Unique attribute request | 1.3.18.0.2.12.44 | V5R4 | V5.2 | Requests the server to return a list of all non-unique values for a given attribute name. See ldapexop -op uniqueattr. |
| Attribute type request | 1.3.18.0.2.12.46 | V5R4 | V5.2 | Requests the server to return a list of names of attributes having a particular characteristic. See ldapexop -op getattributes |
| Control server tracing | 1.3.18.0.2.12.40 | V5R3 | V5.2 | Activate or deactivate tracing in the IBM Directory Server. |
| User type request | 1.3.18.0.2.12.37 | V5R3 | V5.2 | Request to get User Type of the bound user. |
Supported and enabled capabilities
The following table shows OIDs for supported and enabled capabilities. You can use these OIDs to see if a particular server supports these features.
| Name | OID | Description |
|---|---|---|
| Enhanced Replication Model | 1.3.18.0.2.32.1 | Identifies the replication model introduced in IBM Directory Server v5.1 including subtree and cascading replication. |
| Entry Checksum | 1.3.18.0.2.32.2 | Indicates that this server supports the ibm-entrychecksum and ibm-entrychecksumop features. |
| Entry UUID | 1.3.18.0.2.32.3 | Identifies that this server supports the ibm-entryuuid operational attribute. |
| Filter ACLs | 1.3.18.0.2.32.4 | Identifies that this server supports the IBM Filter ACL model. |
| Password Policy | 1.3.18.0.2.32.5 | Identifies that this server supports password policies |
| Sort by DN | 1.3.18.0.2.32.6 | Indicates that this server supports using the ibm-slapdDn attribute to sort by DN. |
| Administrative Group Delegation | 1.3.18.0.2.32.8 | Server supports the delegation of server administration to a group of administrators that are specified in the configuration backend. |
| Denial of Service Prevention | 1.3.18.0.2.32.9 | Server supports the denial of service prevention feature. Including read/write time-outs and the emergency thread. |
| Entry And Subtree Dynanic Updates | 1.3.18.0.2.32.15 | The server supports dynamic configuration updates on entries and subtrees |
| Dereference Alias Option | 1.3.18.0.2.32.10 | Server supports an option to not dereference Aliases by default |
| Group-Specific Search Limits | 1.3.18.0.2.32.17 | Group-Specific Search Limits supports extended search limits for a group of people |
| Dynamic Tracing | 1.3.18.0.2.32.14 | Server supports active tracing for the server with an LDAP extended operation. |
| TLS Capabilities | 1.3.18.0.2.32.28 | Specifies that the server is actually capable of doing TLS. |
| Admin Daemon Auditing | 1.3.18.0.2.32.11 | Server supports the auditing of the admin daemon. |
| Kerberos Capabilities | 1.3.18.0.2.32.30 | Specifies that the server is actually capable of doing Kerberos. |
| Non-blocking Replication | 1.3.18.0.2.32.29 | Supplier does not always retry sending an update if consumer returns an error |
| ibm-allMembers and ibm-allGroups operational attributes | 1.3.18.0.2.32.31 | The backend supports static, dynamic, and nested group searching via the ibm-allMembers and ibm-allGroups operational attributes. The members of a static, dynamic and/or nested group can be obtained by performing a search on the ibm-allMembers operational attribute. The static, dynamic, and/or nested groups that a member DN belongs to can be obtained by performing a search on the ibm-allGroups operational attribute. |
| Globally Unique Attributes | 1.3.18.0.2.32.16 | The server feature to enforce globally unique attribute values. |
| Monitor Operation Counts | 1.3.18.0.2.32.24 | The server provides monitor operation counts for initiated and completed operation types. |
| Monitor Logging Counts | 1.3.18.0.2.32.20 | The server provides monitor logging counts for messages added to server, CLI, and audit log files. |
| Monitor Connection Type Counts | 1.3.18.0.2.32.22 | The server provides monitor connection type counts for SSL and TLS connections. |
| Monitor Active Workers Info | 1.3.18.0.2.32.21 | The server provides monitor information for active workers (cn=workers,cn=monitor). |
| Monitor Connections Info | 1.3.18.0.2.32.23 | The server provides monitor information for connections by IP address instead of connection ID (cn=connections, cn=monitor). |
| Monitor Tracing Info | 1.3.18.0.2.32.25 | The server provides monitor information for tracing options currently being used. |
| Attribute Caching Search Filter Resolution | 1.3.18.0.2.32.13 | The server supports attribute caching for search filter resolution. |
| Proxy Authorization | 1.3.18.0.2.32.27 | Server supports Proxy Authorization for a group of users. |
| Language tag option support | 1.3.6.1.4.1.4203.1.5.4 | Indicates server supports language tags as defined in RFC 2596. |
| Max Age ChangeLog Entries | 1.3.18.0.2.32.19 | Specifies that the server is capable of retaining changelog entries bases on age. |
| IBMpolicies Replication Subtree | 1.3.18.0.2.32.18 | Server supports the replication of the cn=IBMpolicies subtree. |
| NULL base subtree search | 1.3.18.0.2.32.26 | Server allows null based subtree search which searches the entire DIT defined in the server. |
| autonomic attribute cache | 1.3.18.0.2.32.50 | Supports autonomic attribute caching |
| ibm-entrychecksumop | 1.3.18.0.2.32.56 | The 6.0 IDS ibm-entrychecksumop functionality |
OIDs for ACL mechanisms
The following table shows the OIDs for ACL mechanisms.
| Name | OID | Description |
|---|---|---|
| IBM SecureWay V3.2 ACL Model | 1.3.18.0.2.26.2 | Indicates that the LDAP server supports the IBM SecureWay V3.2 ACL model |
| IBM Filter Based ACL Mechanism | 1.3.18.0.2.26.3 | Indicates that the LDAP server supports IBM Directory Server v5.1 filter based ACLs |
| System Restricted ACL Support | 1.3.18.0.2.26.4 | Indicates server supports system and restricted access class in ACL entries. |
