Object identifiers (OIDs)
This information contains the object identifiers (OIDs) that are used in the Directory Server.
The OIDs shown in the following tables are used in the Directory Server. These OIDs are in the root DSE. The root DSE entry contains information about the server itself.
Controls
Table 1. Supported Directory Server controls Name OID Earliest or i5/OS® or OS/400® release Earliest IBM Directory Server version Description Manage DSA IT 2.16.840.1.1137.30.3.4.2 V4R5 V3.2 Treat referral entries as regular entries. Transactions 1.3.18.0.2.10.5 V4R5 V3.2 Mark an operation as part of a transaction. os400-dltusrprf-ownobjopt 1.3.18.0.2.10.8 V5R2 Delete user profile option for object owner. See Operating system projected backend for details. os400-dltusrprf-pgpopt 1.3.18.0.2.10.9 V5R2 Delete user profile option for primary group. See Operating system projected backend for details. Sorted search 1.2.840.113556.1.4.473 (request) and 1.2.840.113556.1.4.474 (response) V5R2 with PTF V4.1 Sort search results before returning the entries to the client. See Search parameters. Paged search 1.2.840.113556.1.4.319 V5R2 with PTF V4.1 Return search results in pages to the client instead of all at once. See Search parameters. Tree Delete control 1.2.840.113556.1.4.805 V5R3 V5.1 This control is attached to a Delete request to indicate that the specified entry and all descendant entries are to be deleted. User must be a directory administrator. The entry to be deleted cannot be a replication context. Password policy 1.3.6.1.4.1.42.2.27.8.5.1 V5R3 V5.1 Return extra password policy error information to the client. Server administration 1.3.18.0.2.10.15 V5R3 V5.1 Permits the administrator to perform repair operations that would normally be refused (for example: update a read-only replica, update a quiesced server, or set certain operational attributes). Proxy authorization 2.16.840.1.113730.3.4.18 V5R4 V5.2 Client application can bind to the directory with its own identity but is allowed to perform operations on behalf of another. Replication supplier bind control 1.3.18.0.2.10.18 V5R3 V5.2 This control is added by supplier, if the supplier is a gateway server.
Extended operations
Table 2. OIDs for extended operations Name OID Earliest i5/OS or OS/400 release Earliest IBM Directory Server version Description Register for events 1.3.18.0.2.12.1 V4R5 V3.2 Request registration for events in SecureWay V3.2 Event Support Unregister for events 1.3.18.0.2.12.3 V4R5 V3.2 Ungister for events that were registered for using an Event Registration Request. Begin transaction 1.3.18.0.2.12.5 V4R5 V3.2 Begin a Transactional context for SecureWay V3.2 End transaction 1.3.18.0.2.12.6 V4R5 V3.2 End Transactional context (commit/rollback) for SecureWay V3.2 DN normalize request 1.3.18.0.2.12.30 V5R3 V5.1 Request to normalize a DN or a sequence of DNs. StartTLS 1.3.6.1.4.1.1466.20037 V5R4 V5.2 Request to start Transport Layer Security. Additional extended operations are defined which are not intended to be started by a client. These operations are used through the ldapexop utility or through operations performed by the Web administration tool. These operations, and the authority required to start them are listed below:
Table 3. Additional extended operations Name OID Earliest i5/OS release Earliest IBM Directory Server version Description Control replication 1.3.18.0.2.12.16 V5R3 V5.1 This operation performs the requested action on the server it is issued to and cascades the call to all consumers beneath it in the replication topology. The client must be the directory administrator or have write authority to ibm-replicagroup=default object for the associated replication context. Control replication queue 1.3.18.0.2.12.17 V5R3 V5.1 This operation marks items as already replicated for a specified agreement. This operation is allowed only when the client has write authority to the replication agreement. Quiesce or unquiesce 1.3.18.0.2.12.19 V5R3 V5.1 This operation puts the subtree into a state where it does not accept client updates (or terminates this state), except for those from clients authenticated as a directory administrator where the Server Administration control is present. The client must be authenticated as the directory administrator or have write authority to the ibm-replicagroup=default object for the associated replication context. Cascading control replication 1.3.18.0.2.12.15 V5R3 V5.1 This operation performs the requested action on the server it is issued to and cascades the call to all consumers beneath it in the replication topology. The client must be the directory administrator or have write authority to ibm-replicagroup=default object for the associated replication context. Update configuration 1.3.18.0.2.12.28 V5R3 V5.1 This operation is used to cause the server to reread specified settings from its configuration. The operation is allowed only when the client is the directory administrator. Kill Connection Request 1.3.18.0.2.12.35 V5R4 V5.2 Request to kill connections on the server. Unique attribute request 1.3.18.0.2.12.44 V5R4 V5.2 Requests the server to return a list of all non-unique values for a given attribute name. See ldapexop -op uniqueattr. Attribute type request 1.3.18.0.2.12.46 V5R4 V5.2 Requests the server to return a list of names of attributes having a particular characteristic. See ldapexop -op getattributes Control server tracing 1.3.18.0.2.12.40 V5R3 V5.2 Activate or deactivate tracing in the IBM Directory Server. User type request 1.3.18.0.2.12.37 V5R3 V5.2 Request to get User Type of the bound user.
Supported and enabled capabilities
The following table shows OIDs for supported and enabled capabilities. You can use these OIDs to see if a particular server supports these features.
Table 4. OIDs for supported and enabled capabilities Name OID Description Enhanced Replication Model 1.3.18.0.2.32.1 Identifies the replication model introduced in IBM Directory Server v5.1 including subtree and cascading replication. Entry Checksum 1.3.18.0.2.32.2 Indicates that this server supports the ibm-entrychecksum and ibm-entrychecksumop features. Entry UUID 1.3.18.0.2.32.3 Identifies that this server supports the ibm-entryuuid operational attribute. Filter ACLs 1.3.18.0.2.32.4 Identifies that this server supports the IBM Filter ACL model. Password Policy 1.3.18.0.2.32.5 Identifies that this server supports password policies Sort by DN 1.3.18.0.2.32.6 Indicates that this server supports using the ibm-slapdDn attribute to sort by DN. Administrative Group Delegation 1.3.18.0.2.32.8 Server supports the delegation of server administration to a group of administrators that are specified in the configuration backend. Denial of Service Prevention 1.3.18.0.2.32.9 Server supports the denial of service prevention feature. Including read/write time-outs and the emergency thread. Entry And Subtree Dynanic Updates 1.3.18.0.2.32.15 The server supports dynamic configuration updates on entries and subtrees Dereference Alias Option 1.3.18.0.2.32.10 Server supports an option to not dereference Aliases by default Group-Specific Search Limits 1.3.18.0.2.32.17 Group-Specific Search Limits supports extended search limits for a group of people Dynamic Tracing 1.3.18.0.2.32.14 Server supports active tracing for the server with an LDAP extended operation. TLS Capabilities 1.3.18.0.2.32.28 Specifies that the server is actually capable of doing TLS. Admin Daemon Auditing 1.3.18.0.2.32.11 Server supports the auditing of the admin daemon. Kerberos Capabilities 1.3.18.0.2.32.30 Specifies that the server is actually capable of doing Kerberos. Non-blocking Replication 1.3.18.0.2.32.29 Supplier does not always retry sending an update if consumer returns an error ibm-allMembers and ibm-allGroups operational attributes 1.3.18.0.2.32.31 The backend supports static, dynamic, and nested group searching via the ibm-allMembers and ibm-allGroups operational attributes. The members of a static, dynamic and/or nested group can be obtained by performing a search on the ibm-allMembers operational attribute. The static, dynamic, and/or nested groups that a member DN belongs to can be obtained by performing a search on the ibm-allGroups operational attribute. Globally Unique Attributes 1.3.18.0.2.32.16 The server feature to enforce globally unique attribute values. Monitor Operation Counts 1.3.18.0.2.32.24 The server provides monitor operation counts for initiated and completed operation types. Monitor Logging Counts 1.3.18.0.2.32.20 The server provides monitor logging counts for messages added to server, CLI, and audit log files. Monitor Connection Type Counts 1.3.18.0.2.32.22 The server provides monitor connection type counts for SSL and TLS connections. Monitor Active Workers Info 1.3.18.0.2.32.21 The server provides monitor information for active workers (cn=workers,cn=monitor). Monitor Connections Info 1.3.18.0.2.32.23 The server provides monitor information for connections by IP address instead of connection ID (cn=connections, cn=monitor). Monitor Tracing Info 1.3.18.0.2.32.25 The server provides monitor information for tracing options currently being used. Attribute Caching Search Filter Resolution 1.3.18.0.2.32.13 The server supports attribute caching for search filter resolution. Proxy Authorization 1.3.18.0.2.32.27 Server supports Proxy Authorization for a group of users. Language tag option support 1.3.6.1.4.1.4203.1.5.4 Indicates server supports language tags as defined in RFC 2596. Max Age ChangeLog Entries 1.3.18.0.2.32.19 Specifies that the server is capable of retaining changelog entries bases on age. IBMpolicies Replication Subtree 1.3.18.0.2.32.18 Server supports the replication of the cn=IBMpolicies subtree. NULL base subtree search 1.3.18.0.2.32.26 Server allows null based subtree search which searches the entire DIT defined in the server. autonomic attribute cache 1.3.18.0.2.32.50 Supports autonomic attribute caching ibm-entrychecksumop 1.3.18.0.2.32.56 The 6.0 IDS ibm-entrychecksumop functionality
OIDs for ACL mechanisms
The following table shows the OIDs for ACL mechanisms.
Table 5. OIDs for ACL mechanisms Name OID Description IBM SecureWay V3.2 ACL Model 1.3.18.0.2.26.2 Indicates that the LDAP server supports the IBM SecureWay V3.2 ACL model IBM Filter Based ACL Mechanism 1.3.18.0.2.26.3 Indicates that the LDAP server supports IBM Directory Server v5.1 filter based ACLs System Restricted ACL Support 1.3.18.0.2.26.4 Indicates server supports system and restricted access class in ACL entries.
Parent topic:
Reference
Related concepts
Controls and extended operations