Directory Server, Version 6.1

 

Appendix B. Object Identifiers (OIDs) and attributes in the root DSE

The OIDs and attributes shown in the following sections are used in IBM® Tivoli® Directory Server version 6.0 and above. These OIDs and attributes are in the root DSE. The root DSE entry contains information about the server itself.

IBM Tivoli Directory Server defines a root DSE entry that an LDAP server provides to supply you with information about the LDAP server. For example, you might want to know what version of LDAP a server supports.

To list the OIDs and attributes in the root DSE, run the following command:

idsldapsearch -D <AdminDN> -w <Adminpw> -s base -b "" objectclass=*

For more detailed information, see the IBM Tivoli Directory Server Version 6.1 C-Client SDK Programming Reference.

 

Attributes in the root DSE

The following attributes are in the root DSE:

namingcontexts

The naming contexts held in the server.

The values of this attribute correspond to the naming contexts that this server masters or shadows. If the server does not master or shadow any information (for example, it is an LDAP gateway to a public X.500 directory), this attribute is absent. If the server believes it contains the entire directory, the attribute has a single value, and that value is an empty string (indicating the null DN of the root). This allows a client to choose suitable base objects for searching when it has contacted a server (the list of highest level suffixes the user defines in the configuration).

ibm-configurationnamingcontext

The suffix where the server's configuration entries are stored. For version 6.0 and above this is cn=configuration.

subschemasubentry

The value of this attribute is the name of a subschema entry in which the server makes available attributes specifying the schema. It is set to cn=schema.

security

The secure SSL port the server is listening on. For example, 636.

port

The nonsecure port the server is listening on. For example, 389. This attribute is present only if the server does not have a secure port enabled.

supportedsaslmechanisms

A list of supported SASL security features.

The values of this attribute are the names of the SASL mechanisms that the server supports. If the server does not support any mechanisms, this attribute is absent. This attribute contains any SASL mechanism that is registered to the server.

supportedldapversion

LDAP versions implemented by the current server.

The values of this attribute are the versions of the LDAP protocol that the server implements. The values are 2 and 3.

ibmdirectoryversion

The version of IBM Tivoli Directory Server installed on this server. The current version is 6.1.

ibm-enabledcapabilities

Lists the server capabilities currently enabled on the server. See OIDs for supported and enabled capabilities for the values.

ibm-ldapservicename

Specifies the host name of the server. If a Kerberos realm is defined, the form is hostname@realmname.

ibm-serverId

The unique ID assigned to the server at the initial startup of the server. This ID is used in replication topology to determine a server's role.

vendorname

The supplier of this version of LDAP. For IBM Tivoli Directory Server, this is set to International Business Machines (IBM).

vendorversion

For IBM Tivoli Directory Server 6.1, the vendor version is set to 6.1.

ibm-slapdServerBackend

Specifies whether the server loads a database or proxy backend.

ibm-slapdSizeLimit

Limits the number of entries returned by a search initiated by nonadministrative users.

ibm-slapdTimeLimit

Specifies in seconds the maximum amount of time the server spends processing a search request initiated by nonadministrative users.

ibm-slapdDerefAliases

Describes how the server is configured to handle alias dereferencing.

ibm-supportedAuditVersion

The supported version of auditing. For example, in version 6.0 and above the server supports auditing version 3 that enables auditing of extended operations.

ibm-supportedACIMechanisms

Lists the ACL models the server supports. See OIDs for ACI mechanisms for the values.

ibm-supportedcapabilities

Lists the server capabilities currently supported by the server. See OIDs for supported and enabled capabilities for the values.

ibm-sasldigestrealmname

ibm-slapdServerInstanceName

Name of the directory server instance running on the server.

ibm-slapdisconfigurationmode

Identifies whether the server is running in configuration mode. If TRUE, the server is in configuration mode. If FALSE, the server is not in configuration mode.

 

OIDs for supported and enabled capabilities

The following table shows OIDs for supported and enabled capabilities. We can use these OIDs to see if a particular server supports these features.

Table 27. OIDs for supported and enabled capabilities
| Short name | Description | OID assigned |
|---|---|---|
| Enhanced Replication Model | Identifies the replication model introduced in IBM Directory Server v5.1 including subtree and cascading replication. | 1.3.18.0.2.32.1 |
| Entry Checksum | Indicates that this server supports the ibm-entrychecksum and ibm-entrychecksumop features. | 1.3.18.0.2.32.2 |
| Entry UUID | This value is listed in the ibm-capabilities Subentry for those suffixes that support the ibm-entryuuid attribute. | 1.3.18.0.2.32.3 |
| Filter ACLs | Identifies that this server supports the IBM Filter ACL model | 1.3.18.0.2.32.4 |
| Password Policy | Identifies that this server supports password policies | 1.3.18.0.2.32.5 |
| Sort by DN | Enables searches sorted by DNs in addition to regular attributes. | 1.3.18.0.2.32.6 |
| Administration Group Delegation | Server supports the delegation of server administration to a group of administrators that are specified in the configuration backend. | 1.3.18.0.2.32.8 |
| Denial of Service Prevention | Server supports the denial of service prevention feature including read/write time-outs. | 1.3.18.0.2.32.9 |
| Dereference Alias Option | Server supports an option to not dereference aliases by default | 1.3.18.0.2.32.10 |
| Admin Daemon Audit Logging | Server supports the auditing of the admin daemon. | 1.3.18.0.2.32.11 |
| 128 Character Table Names | The server feature to allow name of unique attributes to be higher than 18 characters (with the maximum of 128 characters). | 1.3.18.0.2.32.12 |
| Attribute Caching Search Filter Resolution | The server supports attribute caching for search filter resolution. | 1.3.18.0.2.32.13 |
| Dynamic Tracing | Server supports active tracing for the server with an LDAP extended operation. | 1.3.18.0.2.32.14 |
| Entry And Subtree Dynamic Updates | The server supports dynamic configuration updates on entries and subtrees. | 1.3.18.0.2.32.15 |
| Globally Unique Attributes | The server feature to enforce globally unique attribute values. | 1.3.18.0.2.32.16 |
| Group-Specific Search Limits | Supports extended search limits for a group of people. | 1.3.18.0.2.32.17 |
| IBMpolicies Replication Subtree | Server supports the replication of the cn=IBMpolicies subtree. | 1.3.18.0.2.32.18 |
| Max Age ChangeLog Entries | Specifies that the server is capable of retaining changelog entries based on age. | 1.3.18.0.2.32.19 |
| Monitor Logging Counts | The server provides monitor logging counts for messages added to server, command-line interface, and audit log files. | 1.3.18.0.2.32.20 |
| Monitor Active Workers Information | The server provides monitor information for active workers (cn=workers,cn=monitor). | 1.3.18.0.2.32.21 |
| Monitor Connection Type Counts | The server provides monitor connection type counts for SSL and TLS connections. | 1.3.18.0.2.32.22 |
| Monitor Connections Information | The server provides monitor information for connections by IP address instead of connection ID (cn=connections, cn=monitor) | 1.3.18.0.2.32.23 |
| Monitor Operation Counts | The server provides new monitor operation counts for initiated and completed operation types. | 1.3.18.0.2.32.24 |
| Monitor Tracing Info | The server provides monitor information for tracing options currently being used. | 1.3.18.0.2.32.25 |
| Null Base Subtree Search | Server allows null based subtree search, which searches the entire DIT defined in the server. | 1.3.18.0.2.32.26 |
| Proxy Authorization | Server supports Proxy Authorization for a group of users. | 1.3.18.0.2.32.27 |
| TLS Capabilities | Specifies that the server is actually capable of doing TLS. | 1.3.18.0.2.32.28 |
| Non-Blocking Replication | The server is capable of ignoring some errors received from a consumer (replica) that would normally cause an update to be re-transmitted periodically until a successful result code was received. | 1.3.18.0.2.32.29 |
| Kerberos Capability | Specifies that the server is capable of using Kerberos. | 1.3.18.0.2.32.30 |
| ibm-allMembers and ibm-allGroups operational attributes | Indicates whether or not a backend supports searching on the ibm-allGroups and ibm-allMembers operational attributes. | 1.3.18.0.2.32.31 |
| Language Tags | Server supports language tags. | 1.3.6.1.4.1.4203.1.5.4 |
| FIPS mode for GSKit | Enables the server to use the encryption algorithms from the ICC FIPS-certified library | 1.3.18.0.2.32.32 |
| Modify DN (leaf move) | Indicates if modify DN operation supports new superior for leaf entries. Note that this capability is implied by the pre-existing Modify DN (subtree move) capability. Applications should check for both capabilities. | 1.3.18.0.2.32.35 |
| Filtered Referrals | The server supports limited filtered referrals. | 1.3.18.0.2.32.36 |
| Simplify resizing of attributes | Allows customers to increase the maximum length of attributes through the schema modification facilities. | 1.3.18.0.2.32.37 |
| Global Administration Group | Server supports the delegation of server administration to a group of administrators that are specified in the RDBM backend. Global Administrators do not have any authority to the configuration file or log files. | 1.3.18.0.2.32.38 |
| AES Encryption Option | Server supports auditing of compare operations. | 1.3.18.0.2.32.39 |
| Auditing of Compare | Server supports auditing of compare operations. | 1.3.18.0.2.32.40 |
| Log Management | Identifies that this server supports log management. | 1.3.18.0.2.32.41 |
| Multi-threaded Replication | Replication agreements can specify using multiple threads and connections to a consumer. | 1.3.18.0.2.32.42 |
| Supplier Replication Configuration | Server configuration of suppliers for replication. | 1.3.18.0.2.32.43 |
| Using CN=IBMPOLICIES for Global Updates | Server supports the replication of global updates using the replication topology in cn=IBMpolicies subtree. | 1.3.18.0.2.32.44 |
| Multihomed configuration support | Server supports configuration on multiple IP addresses (multihomed). | 1.3.18.0.2.32.45 |
| Multiple Directory Server Instances Architecture | Server is designed to run with multiple directory server instances on the same machine. | 1.3.18.0.2.32.46 |
| Configuration Tool Auditing | Server supports the auditing of the configuration tools. | 1.3.18.0.2.32.47 |
| Audit Configuration Settings Consolidation | Identifies that the audit configuration settings are now residing in the ibmslapd configuration file only. | 1.3.18.0.2.32.58 |
| Proxy Server | Describes whether this server is capable of acting as a proxy server or regular RDBM server. Optional Information. | 1.3.18.0.2.32.49 |
| LDAP Attribute Cache Auto Adjust | Indicates if autonomic attribute cache is supported and enabled. | 1.3.18.0.2.32.50 |
| Replication conflict resolution max entry size | Based on this number, a supplier may decide if an entry should be re-added to a target server in order to resolve a replication conflict. | 1.3.18.0.2.32.51 |
| LostAndFound log file | Supports LostAndFound file for archiving replaced entries as a result of replication conflict resolution. | 1.3.18.0.2.32.52 |
| Password Policy Account Lockout | Identifies that this server supports password policy Account Locked feature. | 1.3.18.0.2.32.53 |
| Password Policy Admin | Identifies that this server supports Admin Password Policy. | 1.3.18.0.2.32.54 |
| IDS 6.0 ibm-entrychecksumop | Identifies that the 6.0 version of the ibm-entrychecksumop calculation was used on the server. | 1.3.18.0.2.32.56 |
| LDAP Password Global Start Time | Indicates that the server can support ibm-pwdPolicyStartTime attribute in the cn=pwdPolicy entry. | 1.3.18.0.2.32.57 |
| CBE Log Format | Indicates that TDS log management and conversion to event format is supported. | 1.3.18.0.2.32.59 |
| Filter Replication | The server feature designed to have only required entries and a subset of its attributes to be replicated. | 1.3.18.0.2.32.65 |
| Admin Daemon Denial of Service Prevention | Admin daemon supports denial of service features. | 1.3.18.0.2.32.72 |
| Admin Daemon Enhanced Monitor Support | Admin daemon supports "cn=monitor", "cn=connections,cn=monitor", and "cn=workers,cn=monitor" searches. | 1.3.18.0.2.32.73 |
| Admin Daemon Support for Schema Searches | Admin daemon supports schema searches. | 1.3.18.0.2.32.74 |
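
The check that Table 27 enables, as an added example that is not part of the IBM documentation: it parses root DSE output, compares ibm-supportedcapabilities with ibm-enabledcapabilities for a security-relevant subset of the table, and applies the port/security rule from the attribute list. The `attr=value` line format, the sample entry, the choice of subset and the function names are assumptions; `supportedextension` is the standard LDAP root DSE attribute for extended operations and is not listed on this page.

```python
import re

# Security-relevant subset of Table 27; OIDs copied from the table above.
SECURITY_CAPS = {
    "1.3.18.0.2.32.5": "Password Policy",
    "1.3.18.0.2.32.11": "Admin Daemon Audit Logging",
    "1.3.18.0.2.32.28": "TLS Capabilities",
    "1.3.18.0.2.32.32": "FIPS mode for GSKit",
    "1.3.18.0.2.32.53": "Password Policy Account Lockout",
}
START_TLS_OID = "1.3.6.1.4.1.1466.20037"  # Table 29, Start TLS extended operation

# Assumed output shapes: "attr=value" or LDIF-style "attr: value", one per line.
_LINE = re.compile(r"^([A-Za-z][\w;.-]*)\s*[=:]\s*(.*)$")

# Constructed sample root DSE, not captured from a real server.
SAMPLE = """\
namingcontexts=CN=SCHEMA
namingcontexts=O=EXAMPLE
port=389
supportedextension=1.3.18.0.2.12.58
ibm-supportedcapabilities=1.3.18.0.2.32.5
ibm-supportedcapabilities=1.3.18.0.2.32.11
ibm-supportedcapabilities=1.3.18.0.2.32.28
ibm-supportedcapabilities=1.3.18.0.2.32.32
ibm-supportedcapabilities=1.3.18.0.2.32.53
ibm-enabledcapabilities=1.3.18.0.2.32.5
ibm-enabledcapabilities=1.3.18.0.2.32.11
ibm-enabledcapabilities=1.3.18.0.2.32.53
"""


def parse_root_dse(text):
    """Collect multi-valued attributes into {lowercased_name: [values]}."""
    entry = {}
    for raw in text.splitlines():
        m = _LINE.match(raw.strip())
        if m:  # split on the first separator only, so DN values keep their '='
            entry.setdefault(m.group(1).lower(), []).append(m.group(2).strip())
    return entry


def review_root_dse(entry):
    """Return sorted hardening findings for one parsed root DSE."""
    supported = set(entry.get("ibm-supportedcapabilities", []))
    enabled = set(entry.get("ibm-enabledcapabilities", []))
    findings = []
    for oid, name in SECURITY_CAPS.items():
        if oid not in supported:
            findings.append(f"not supported: {name} ({oid})")
        elif oid not in enabled:
            findings.append(f"supported but not enabled: {name} ({oid})")
    # Per the attribute list, 'port' is present only when no secure port is enabled.
    if "port" in entry and "security" not in entry:
        findings.append(f"no secure port enabled; listening on port {entry['port'][0]}")
    # supportedextension is the standard root DSE attribute for extended operations.
    if START_TLS_OID not in entry.get("supportedextension", []):
        findings.append("Start TLS extended operation not advertised")
    return sorted(findings)


if __name__ == "__main__":
    for finding in review_root_dse(parse_root_dse(SAMPLE)):
        print(finding)
```

Feed `parse_root_dse` the saved output of the idsldapsearch command shown at the top of this appendix to review a real server.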

 

OIDs for ACI mechanisms

The following table shows the OIDs for ACI mechanisms.

Table 28. OIDs for ACI mechanisms
| Short name | Description | OID assigned |
|---|---|---|
| IBM SecureWay® V3.2 ACL Model | Indicates that the LDAP server supports the IBM SecureWay V3.2 ACL model | 1.3.18.0.2.26.2 |
| IBM Filter Based ACL Mechanism | Indicates that the LDAP server supports IBM Directory Server v5.1 filter based ACLs. | 1.3.18.0.2.26.3 |
| System Restricted ACL Support | Server supports specification and evaluation of ACLs on system and restricted attributes. | 1.3.18.0.2.26.4 |

 

OIDs for extended operations

The following table shows OIDs for extended operations.

Table 29. OIDs for extended operations
| Short name | Description | OID assigned |
|---|---|---|
| Account status extended operation | This extended operation sends the server a DN of an entry which contains a userPassword attribute, and the server sends back the status of the user account being queried: open, locked, or expired. | 1.3.18.0.2.12.58 |
| Attribute type extended operations | Retrieve attributes by supported capability: operational, language tag, attribute cache, unique or configuration. | 1.3.18.0.2.12.46 |
| Begin transaction extended operation | Begin a Transactional context. | 1.3.18.0.2.12.5 |
| Cascading replication operation extended operation | This operation performs the requested action on the server it is issued to and cascades the call to all consumers beneath it in the replication topology. | 1.3.18.0.2.12.15 |
| Clear log extended operation | Request to Clear log file. | 1.3.18.0.2.12.20 |
| Control replication extended operation | This operation is used to force immediate replication, suspend replication, or resume replication by a supplier. This operation is allowed only when the client has update authority to the replication agreement | 1.3.18.0.2.12.16 |
| Control queue extended operation | This operation marks items as "already replicated" for a specified agreement. This operation is allowed only when the client has update authority to the replication agreement. | 1.3.18.0.2.12.17 |
| DN normalization extended operation | Request to normalize a DN or a sequence of DNs. | 1.3.18.0.2.12.30 |
| Dynamic server trace extended operation | Activate or deactivate tracing in the IBM Tivoli Directory Server. | 1.3.18.0.2.12.40 |
| Dynamic update requests extended operation | Request to update server configuration for IBM Tivoli Directory Server. | 1.3.18.0.2.12.28 |
| End transaction extended operation | End Transactional context (commit/rollback). | 1.3.18.0.2.12.6 |
| Event notification register request extended operation | Request registration for events notification. | 1.3.18.0.2.12.1 |
| Event notification unregister request extended operation | Unregister for events that were registered for using an Event Registration Request. | 1.3.18.0.2.12.3 |
| Get file extended operation | Returns the contents of a given file on the server. | 1.3.18.0.2.12.73 |
| Get lines extended operation | Request to get lines from a log file. | 1.3.18.0.2.12.22 |
| Get number of lines extended operation | Request number of lines in a log file. | 1.3.18.0.2.12.24 |
| Group evaluation extended operation | Requests all the groups that a given user belongs to. | 1.3.18.0.2.12.50 |
| Kill connection extended operation | Request to kill connections on the server. The request can be to kill all connections or kill connections by bound DN, IP, or a bound DN from a particular IP. | 1.3.18.0.2.12.35 |
| LDAP trace facility extended operation | Use this extended operation to control LDAP Trace Facility remotely using the Admin Daemon. | 1.3.18.0.2.12.41 |
| Locate entry extended operation | This extended operation is used to retrieve the back-end server details of a given set of entry DNs and provide the details to the client. | 1.3.18.0.2.12.71 |
| Online Backup extended operation | Performs online backup of the directory server instance's DB2® database. | 1.3.18.0.2.12.74 |
| Prepare Transaction extended operation | This operation enables the server to start processing the operations sent in a transaction. | 1.3.18.0.2.12.64 |
| Proxy Backend Server Resume Role Extended Operation | Enables the proxy server to resume the configured role of a back-end server in a distributed directory environment | 1.3.18.0.2.12.65 |
| Quiesce or unquiesce replication context extended operation | This operation puts the subtree into a state where it does not accept client updates (or terminates this state), except for updates from clients authenticated as directory administrators where the Server Administration control is present. | 1.3.18.0.2.12.19 |
| Replication error log extended operation | Maintenance of a replication error table. | 1.3.18.0.2.12.56 |
| Replication topology extended operation | Trigger a replication of replication topology-related entries under a given replication context. | 1.3.18.0.2.12.54 |
| Start, stop server extended operations | Request to start, stop or restart an LDAP server. | 1.3.18.0.2.12.26 |
| Start TLS extended operation | Request to start Transport Layer Security. | 1.3.6.1.4.1.1466.20037 |
| Unique attributes extended operation | Feature to enforce attribute uniqueness. | 1.3.18.0.2.12.44 |
| Update configuration extended operation | Request to update server configuration for IBM Tivoli Directory Server. | 1.3.18.0.2.12.28 |
| Update event notification extended operation | Request that the event notification plug-in get the updated configuration from the server. | 1.3.18.0.2.12.31 |
| Update log access extended operation | Request that the log access plug-in get the updated configuration from the server. | 1.3.18.0.2.12.32 |
| User type extended operation | Request to get the User Type of the bound user. | 1.3.18.0.2.12.37 |
| Password Policy Bind Initialize and Verify Extended Operation | This extended operation performs password policy bind initialization and verification for a specified user. The extended operation checks to see if an account is locked. This extended operation was introduced to provide a mechanism for the proxy server to support bind plug-ins. | 1.3.18.0.2.12.79 |
| Password Policy Finalize and Verify Bind Extended Operation | This extended operation performs password policy post-bind processing for a specified user. The extended operation was introduced to provide a mechanism for the proxy server to support bind plug-ins. Post bind processing includes checking for expired passwords, grace logins, and updating failed or successful bind counters. | 1.3.18.0.2.12.80 |

 

OIDs for controls

The following table shows OIDs for controls.

Table 30. OIDs for controls
| Short name | Description | OID assigned |
|---|---|---|
| AES bind control | This control enables the IBM Tivoli Directory Server to send updates to the consumer server with passwords already encrypted using AES. | 1.3.18.0.2.10.28 |
| Audit control | The control sends a sequence of uniqueid strings and a source ip string to the server. When the server receives the control, it audits the list of uniqueids and sourceip in the audit record of the operation. | 1.3.18.0.2.10.22 |
| Do not replicate control | This control can be specified on an update operation (add, delete, modify, modDn, modRdn). | 1.3.18.0.2.10.23 |
| Group authorization control | The control sends a list of groups that a user belongs to. | 1.3.18.0.2.10.21 |
| Limit Number of Attribute Values Control | This control limits the number of attribute values returned for an entry on a search operation. The control can be used to limit the number of values returned for the entire entry. It can also be used to limit the number of values returned for each attribute within an entry. | 1.3.18.0.2.10.30 |
| Manage DSAIT control | Causes entries with the "ref" attribute to be treated as normal entries, allowing clients to read and modify these entries. | 2.16.840.1.113730.3.4.2 |
| Modify groups only control | Attached to a delete or modify DN request to cause the server to do only the group referential integrity processing for the delete or rename request without doing the actual delete or rename of the entry itself. The entry named in the delete or modify DN request does not need to exist on the server. | 1.3.18.0.2.10.25 |
| No replication conflict resolution control | When present, a replica server accepts a replicated entry without trying to resolve any replication conflict for this entry. | 1.3.18.0.2.10.27 |
| Omit group referential integrity control | Omits the group referential integrity processing on a delete or modrdn request. | 1.3.18.0.2.10.26 |
| Paged search results control | Allows management of the amount of data returned from a search request. | 1.2.840.113556.1.4.319 |
| Password policy request control | Password policy request or response | 1.3.6.1.4.1.42.2.27.8.5.1 |
| Proxy authorization control | The Proxy Authorization Control enables a bound user to assert another user's identity. The server uses this asserted identity in the evaluation of ACLs for the operation. | 2.16.840.1.113730.3.4.18 |
| Refresh entry control | This control is returned when a target server detects a conflict (T0!=T2 & T1>T2) during a replicated modify operation. | 1.3.18.0.2.10.24 |
| Replication supplier bind control | This control is added by the supplier, if the supplier is a gateway server. | 1.3.18.0.2.10.18 |
| Replication update ID control | This control was created for serviceability. If the supplier server is set to issue the control, each replicated update is accompanied by this control. | 1.3.18.0.2.10.29 |
| Server administration control | Allows an update operation by the administrator under conditions when the operation would normally be refused (server is quiesced, a read-only replica, etc.) | 1.3.18.0.2.10.15 |
| Sorted search results control | Allows a client to receive search results sorted by a list of criteria, where each criterion represents a sort key. | 1.2.840.113556.1.4.473 |
| Subtree delete control | This control is attached to a Delete request to indicate that the specified entry and all descendent entries are to be deleted. | 1.2.840.113556.1.4.805 |
| Transaction control | Marks the operation as part of a transactional context. | 1.3.18.0.2.10.5 |



