OpenLDAP Faq-O-Matic : OpenLDAP Developer's FAQ : OpenLDAP OID Registry : .666 : .5 :
.16Dereference Control
1. Specification
1.1. Request
controlValue ::= SEQUENCE OF derefSpec DerefSpec
DerefSpec ::= SEQUENCE {
derefAttr attributeDescription, ; DN-valued
attributes AttributeList }
AttributeList ::= SEQUENCE OF attr AttributeDescription
derefAttr MUST be unique within controlValue
1.2. Response
controlValue ::= SEQUENCE OF DerefRes
From RFC 4511:
PartialAttribute ::= SEQUENCE {
type AttributeDescription,
vals SET OF value AttributeValue }
PartialAttributeList ::= SEQUENCE OF
partialAttribute PartialAttribute
DerefRes ::= SEQUENCE {
derefAttr AttributeDescription,
derefVal LDAPDN,
attrVals [0] PartialAttributeList OPTIONAL }
If vals is empty, partialAttribute is omitted.
If all vals in attrVals are empty, attrVals
is omitted.
2. Examples
2.1. Example
Request:
{ { member, { GUID, SID } }, { memberOf, { GUID, SID } } }
Response:
{ { memberOf, "cn=abartlet,cn=users,dc=abartlet,dc=net",
{ { GUID, [ "0bc11d00-e431-40a0-8767-344a320142fa" ] },
{ SID, [ "S-1-2-3-2345" ] } } },
{ memberOf, "cn=ando,cn=users,dc=sys-net,dc=it",
{ { GUID, [ "0bc11d00-e431-40a0-8767-344a320142fb" ] },
{ SID, [ "S-1-2-3-2346" ] } } } }
2.2. Example
Request:
{ { member, { cn, uid, drink } } }
Response:
{ { member, "cn=ando,cn=users,dc=sys-net,dc=it",
{ { cn, [ "ando", "Pierangelo Masarati" ] },
{ uid, [ "ando" ] } } },
{ member, "dc=sys-net,dc=it" } }
See <draft-masarati-ldap-deref>
(a work in progress; to be submitted to the RFC Editor).
ando@sys-net.it