- All Implemented Interfaces:
- java.io.Serializable, javax.naming.ldap.Control
public class SDFlagsControl
extends javax.naming.ldap.BasicControl
When performing an LDAP operation (modify or search), the client may supply an SD Flags Control,
LDAP_SERVER_SD_FLAGS_OID (1.2.840.113556.1.4.801), with the operation. The value of the control is an integer that
identifies which security descriptor (SD) parts the client intends to read or modify. When the control is
not specified, the default value of 15 (0x0000000F) is used.
The SD parts are identified using the following bit values: OWNER_SECURITY_INFORMATION, GROUP_SECURITY_INFORMATION,
DACL_SECURITY_INFORMATION, SACL_SECURITY_INFORMATION, which correspond to OWNER, GROUP, DACL and SACL SD fields,
respectively.
If the LDAP_SERVER_SD_FLAGS_OID control is present in an LDAP search request, the server returns an SD with the parts
specified in the control when the SD attribute name is explicitly mentioned in the requested attribute list, or when
the requested attribute list is empty, or when all attributes are requested ([RFC2251] section 4.5.1). Without the
presence of this control, the server returns an SD only when the SD attribute name is explicitly mentioned in the
requested attribute list.
For update operations, the bits identify which SD parts are affected by the operation. Note that the client may
supply values for other (or all) SD fields. However, the server only updates the fields that are identified by the SD
control. The remaining fields are ignored. When performing an LDAP add operation, the client can supply an SD flags
control with the operation; however, it will be ignored by the server.
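Added example, not part of this library: the control described above, built directly with javax.naming.ldap.BasicControl because this page does not show SDFlagsControl's constructors. The class and method names are hypothetical; the numeric bit values and the BER layout SEQUENCE { INTEGER } follow Microsoft's definition of the control and are not stated on this page.

```java
import java.util.ArrayList;
import java.util.List;
import javax.naming.NamingException;
import javax.naming.ldap.BasicControl;
import javax.naming.ldap.Control;
import javax.naming.ldap.LdapContext;

// Added example; class and method names are hypothetical.
public class SdFlagsExample {
    static final String LDAP_SERVER_SD_FLAGS_OID = "1.2.840.113556.1.4.801";
    // Bit values of the four SD parts; together they give the default of 15.
    static final int OWNER_SECURITY_INFORMATION = 0x1;
    static final int GROUP_SECURITY_INFORMATION = 0x2;
    static final int DACL_SECURITY_INFORMATION = 0x4;
    static final int SACL_SECURITY_INFORMATION = 0x8;

    // BER: SEQUENCE (0x30, length 3) { INTEGER (0x02, length 1) flags }.
    static byte[] encode(int flags) {
        if (flags < 0 || flags > 0x0F) {
            throw new IllegalArgumentException("not an SD part mask: " + flags);
        }
        return new byte[] {0x30, 0x03, 0x02, 0x01, (byte) flags};
    }

    // Marked critical so a server that does not support the control rejects the request.
    static Control sdFlags(int flags) {
        return new BasicControl(LDAP_SERVER_SD_FLAGS_OID, true, encode(flags));
    }

    // Names the SD parts a mask selects, e.g. for an audit log entry.
    static List<String> parts(int flags) {
        List<String> names = new ArrayList<>();
        if ((flags & OWNER_SECURITY_INFORMATION) != 0) names.add("OWNER");
        if ((flags & GROUP_SECURITY_INFORMATION) != 0) names.add("GROUP");
        if ((flags & DACL_SECURITY_INFORMATION) != 0) names.add("DACL");
        if ((flags & SACL_SECURITY_INFORMATION) != 0) names.add("SACL");
        return names;
    }

    // Requests sent on ctx after this call read or update only the DACL;
    // other SD fields supplied in a modify are ignored by the server.
    static void restrictToDacl(LdapContext ctx) throws NamingException {
        ctx.setRequestControls(new Control[] {sdFlags(DACL_SECURITY_INFORMATION)});
    }

    public static void main(String[] args) {
        int flags = OWNER_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION;
        Control c = sdFlags(flags);
        System.out.println(c.getID() + " critical=" + c.isCritical() + " parts=" + parts(flags));
    }
}
```

Limiting an update to `DACL_SECURITY_INFORMATION` keeps a permissions change from also rewriting the owner or audit settings when the supplied SD carries those fields.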
- See Also:
- cc223733,
Serialized Form