3.1 - Controls

A LDAP Control is an extension to an operation. It tells the server to do something aside the standard operation, or it let the server send back some information to the client. A Control contains three different parts :

  • An identifier, the control OID
  • A flag telling the server what to do if it does not know about the control or if it results in an error (either return an error or ignore the control)
  • A value which is generally BER encoded

There are many controls available, some being standardized, other being server specific.

One or more control can be added to any operation.

Note that either the client or the server might not know about the controls being used, and if the criticality flag is set to FALSE, the server will ignore the control in this case.

Please check this page for a detailed description on controls usage.