3112N/A<?
xml version="1.0" encoding="UTF-8"?>
3112N/A ! This work is licensed under the Creative Commons 3112N/A ! Attribution-NonCommercial-NoDerivs 3.0 Unported License. 3112N/A ! To view a copy of this license, visit 3112N/A ! or send a letter to Creative Commons, 444 Castro Street, 3112N/A ! Suite 900, Mountain View, California, 94041, USA. 3112N/A ! You can also obtain a copy of the license at 3112N/A ! See the License for the specific language governing permissions 3112N/A ! and limitations under the License. 3112N/A ! If applicable, add the following below this CCPL HEADER, with the fields 3112N/A ! enclosed by brackets "[]" replaced with your own identifying information: 3112N/A ! Portions Copyright [yyyy] [name of copyright owner] 3112N/A ! Copyright 2011-2012 ForgeRock AS 3112N/A<
chapter xml:
id='chap-extended-ops' 3832N/A <
title>Working With Extended Operations</
title>
3832N/A <
primary>Extended operations</
primary>
5580N/A <
secondary>Extended operations</
secondary>
5580N/A <
para>This chapter demonstrates how to use LDAP extended operations.</
para>
5580N/A <
para>For complete examples corresponding to the excerpts shown below, see
4978N/A xlink:
show="new">OpenDJ LDAP SDK examples</
link>.</
para>
4978N/A <
section xml:
id="about-ldap-extended-operations">
3832N/A <
title>About LDAP Extended Operations</
title>
4458N/A <
para>Extended operations allow additional operations to be defined for
4458N/A services not already available in the protocol</
para>
4458N/A <
section xml:
id="get-supported-extended-operations">
4458N/A <
title>Determining Supported Extended Operations</
title>
4495N/A <
primary>Extended operations</
primary>
4495N/A <
secondary>Supported</
secondary>
4495N/A <
secondary>Checking supported features</
secondary>
4458N/A <
para>For OpenDJ, the extended operations supported are listed in the
4458N/A <
citetitle>Administration Guide</
citetitle> appendix, <
link 4458N/A xlink:
href="admin-guide#appendix-extended-ops" 4714N/A Operations</
citetitle></
link>. You can access the list of OIDs for
4714N/A supported LDAP controls by reading the <
literal>supportedExtension</
literal>
4458N/A attribute of the root DSE.</
para>
4458N/A "(objectclass=*)" supportedExtension
4458N/AsupportedExtension: 1.3.6.1.1.8
4458N/AsupportedExtension: 1.3.6.1.4.1.26027.1.6.1
4723N/AsupportedExtension: 1.3.6.1.4.1.26027.1.6.2
4458N/AsupportedExtension: 1.3.6.1.4.1.26027.1.6.3
4458N/AsupportedExtension: 1.3.6.1.4.1.4203.1.11.1
4458N/AsupportedExtension: 1.3.6.1.4.1.4203.1.11.3
4458N/AsupportedExtension: 1.3.6.1.4.1.1466.20037</
screen>
5417N/A <
para>The following excerpt shows code to check for supported extended
4714N/A <
programlisting language="java">
4714N/A * Controls supported by the LDAP server.
3832N/Aprivate static Collection<String> extendedOperations;
4458N/A * Populate the list of supported LDAP extended operation OIDs.
4458N/A * Active connection to the LDAP server.
4458N/A * @throws ErrorResultException
5061N/A * Failed to get list of extended operations.
900N/Astatic void checkSupportedExtendedOperations(Connection connection)
4458N/A throws ErrorResultException {
927N/A .getSupportedExtendedOperations();
4714N/A * Check whether an extended operation is supported. Call
4458N/A * {@code checkSupportedExtendedOperations} first.
4458N/A * Check support for this extended operation, provided by OID.
4716N/A * @return True if the control is supported.
4495N/Astatic boolean isSupported(final String extendedOperation) {
<
section xml:
id="use-cancel-extended-operation">
<
title>Cancel Extended Operation</
title>
<
primary>Extended operations</
primary>
<
secondary>Cancel</
secondary>
<
primary>Searches</
primary>
<
secondary>Cancel</
secondary>
xlink:
show="new"><
citetitle>LDAP Cancel Operation</
citetitle></
link>, defines
an extended operation that lets you cancel an operation in progress and get
an indication of the outcome.</
para>
<
para>The Cancel extended request uses the request ID of operation you
want to cancel, and so therefore works with asynchronous searches and
updates. Depending on the delay between your application sending the Cancel
request and the directory server receiving the request, the server might have
already finished processing the original request before it receives your
<
para>You can add a Cancel extended request for example to stop handling
entries returned from a search if the directory server returns more entries
<
programlisting language="java">
private static final CountDownLatch COMPLETION_LATCH = new CountDownLatch(1);
private static final CountDownLatch CANCEL_LATCH = new CountDownLatch(1);
private static final LDIFEntryWriter WRITER = new LDIFEntryWriter(
System.out);
static int entryCount = 0;
// The requestID is obtained from the future result of the asynchronous search.
private static final class SearchResultHandlerImpl
implements SearchResultHandler {
public synchronized boolean handleEntry(final SearchResultEntry entry) {
// Cancel the search if it returns too many results.
if (entryCount < 10) {
CancelExtendedRequest request =
request, null, new CancelResultHandlerImpl());
} catch (final IOException e) {
private static final class CancelResultHandlerImpl
implements ResultHandler<ExtendedResult> {
public void handleErrorResult(final ErrorResultException error) {
public void handleResult(final ExtendedResult result) {
<
para>OpenDJ directory server supports the cancel operation. If OpenDJ
directory server manages to return all entries in
<
filename>
Example.ldif</
filename> before it receives the Cancel extended
request, you can see the Cancel request fail because the request ID refers
to the search, which is no longer in progress. Try adding a new base DN using
OpenDJ control panel and adding the default 2000 generated entries to ensure
more search results. For example if <
literal>dc=example,dc=org</
literal>
contains 2000 generated entries, and the <
literal>SearchAsync</
literal>
example is run with the arguments <
literal>sub objectclass=* cn</
literal>
for scope, filter, and attributes respectively, then the example produces
something like the following output:</
para>
Canceled: Processing on this operation was terminated as a result of receiving
a cancel request (message ID 3)
# Search result entry: dc=example,dc=org
# Search result entry: ou=People,dc=example,dc=org
dn: ou=People,dc=example,dc=org
# Search result entry: uid=user.0,ou=People,dc=example,dc=org
dn: uid=user.0,ou=People,dc=example,dc=org
Cancel request succeeded</
programlisting>
<
section xml:
id="use-password-modify-extended-operation">
<
title>Password Modify Extended Operation</
title>
<
primary>Extended operations</
primary>
<
secondary>Password modify</
secondary>
<
primary>Modifications</
primary>
<
secondary>Password modify</
secondary>
xlink:
show="new"><
citetitle>LDAP Password Modify Extended
Operation</
citetitle></
link>, defines an extended operation for modifying
user passwords that does not depend on the authentication identity, nor on
the way passwords are stored.</
para>
<
programlisting language="java">
final String userIdentity = "u:scarter";
final char[] oldPassword = "sprain".toCharArray();
final char[] newPassword = "secret12".toCharArray();
final PasswordModifyExtendedRequest request =
.setUserIdentity(userIdentity)
.setOldPassword(oldPassword)
.setNewPassword(newPassword);
final PasswordModifyExtendedResult result =
<
para>OpenDJ directory server supports the password modify operation.</
para>
<
programlisting>Changed password for u:scarter</
programlisting>
<
section xml:
id="use-starttls-extended-operation">
<
title>Start TLS Extended Operation</
title>
<
para>Use Start TLS when setting up your connection to protect what your
application sends to and receives from the directory server. For an example,
read the section on <
link xlink:
href="dev-guide#simple-auth-with-starttls-or-ssl" SSL Authentication</
citetitle></
link>.</
para>
<
section xml:
id="use-who-am-i-extended-operation">
<
title>Who am I? Extended Operation</
title>
<
primary>Extended operations</
primary>
<
secondary>Who am I?</
secondary>
<
primary>Authorizations</
primary>
xlink:
show="new"><
citetitle>LDAP "Who am I?" Operation</
citetitle></
link>,
defines an extended operation that lets your application determine the
current authorization ID.</
para>
<
programlisting language="java">
final String name = "uid=bjensen,ou=People,dc=example,dc=com";
final char[] password = "hifalutin".toCharArray();
final WhoAmIExtendedRequest request =
final WhoAmIExtendedResult extResult =
<
para>OpenDJ directory server supports the "Who am I?" operation.</
para>
>Authz ID: dn:uid=bjensen,ou=People,dc=example,dc=com</
programlisting>