configcontext |
cn=config
|
---|---|
entryDN | |
namingContexts |
dc=Test
dc=example,dc=com
dc=example.com
o=Flintstones
o=Simpsons
o=Test
|
objectClass |
top
OpenLDAProotDSE structural |
structuralObjectClass | OpenLDAProotDSE |
subschemaSubentry | cn=Subschema |
supportedControl |
LDAP Proxied Authorization Control The Proxied Authorization Control allows a client to request that an operation be processed under a provided authorization identity [AUTH] instead of as the current authorization identity associated with the connection. ManageDsaIT Control The client may provide the ManageDsaIT control with an operation to indicate that the operation is intended to manage objects within the DSA (server) Information Tree. The control causes Directory-specific entries (DSEs), regardless of type, to be treated as normal entries allowing clients to interrogate and update these entries using LDAP operations. Subentries in LDAP The subentries control MAY be sent with a searchRequest to control the visibility of entries and subentries which are within scope. Non-visible entries or subentries are not returned in response to the request. Dont Use Copy Control When the control is attached to an LDAP request, the requested operation MUST NOT be performed on copied information. That is, the requested operation MUST be performed on original information. Simple Paged Results Manipulation Control Extension This control extension allows a client to control the rate at which an LDAP server returns the results of an LDAP search operation. This control may be useful when the LDAP client has limited resources and may not be able to process the entire result set from a given LDAP query, or when the LDAP client is connected over a low-bandwidth connection. Matched Values Control Describes a control for the LDAP v3 that is used to return a subset of attribute values from an entry. Specifically, only those values that match a 'values return' filter. Without support for this control, a client must retrieve all of an attribute's values and search for specific values locally. Post-Read Controls The Pre-Read request control, indicates that a copy of the entry before application of update is to be returned. Pre-Read Controls The Pre-Read request control, indicates that a copy of the entry before application of update is to be returned. Assertion Control The assertion control allows the client to specify a condition that must be true for the operation to be processed normally. |
supportedExtension |
Transport Layer Security Extension This operation provides for TLS establishment in an LDAP association and is defined in terms of an LDAP extended request. LDAP Password Modify Extended Operation An LDAP extended operation to allow modification of user passwords which is not dependent upon the form of the authentication identity nor the password storage mechanism used. Who Am I? Extended Operation This specification provides a mechanism for Lightweight Directory Access Protocol (LDAP) clients to obtain the authorization identity which the server has associated with the user or application entity. Cancel Operation. RFC 3909 extension No description available, can you help with one? |
supportedFeatures |
Modify-Increment Extension An extension to the Lightweight Directory Access Protocol (LDAP) Modify operation to support an increment capability. All Operational Attribute An LDAP extension which clients may use to request the return of all operational attributes. Requesting Attributes by Object Class Extends LDAP to support a mechanism that LDAP clients may use to request the return of all attributes of an object class. LDAP Absolute True and False Filters Implementations of this extension SHALL allow 'and' and 'or' choices with zero filter elements. Language Tags Supports storing attributes with language tag options in the DIT Language Ranges Supports language range matching of attributes with language tag options stored in the DIT |
supportedLDAPVersion |
3
|
supportedSASLMechanisms |
Salted Challenge Response Authentication Mechanism (SCRAM) SHA1 This specification describes a family of authentication mechanisms called the Salted Challenge Response Authentication Mechanism (SCRAM) which addresses the requirements necessary to deploy a challenge- response mechanism more widely than past attempts. Salted Challenge Response Authentication Mechanism (SCRAM) SHA256 The SCRAM-SHA-256 and SCRAM-SHA-256-PLUS SASL mechanisms are defined in the same way that SCRAM-SHA-1 and SCRAM-SHA-1-PLUS are defined in [RFC5802], except that the hash function for HMAC() and H() uses SHA-256 instead of SHA-1 [RFC6234]. Initial and Pass Through Authentication Using Kerberos V5 and the GSS-API Extends [RFC4120] and [RFC4121] such that the client can communicate with the KDC using a Generic Security Service Application Program Interface (GSS-API) [RFC2743] acceptor as the proxy. Family of mechanisms supports arbitrary GSS-API mechanisms in SASL GS2 is a protocol bridge between GSS-API and SASL, and allows every GSS-API mechanism that supports mutual authentication and channel bindings to be used as a SASL mechanism. This implements Kerberos V5 authentication. Generic Security Services Application Program Interface The Generic Security Service Application Program Interface (GSSAPI, also GSS-API) is an application programming interface for programs to access security services. GSS-SPNEGO security mechanism for LDAP bind requests The DC accepts the GSS-SPNEGO security mechanism for LDAP bind requests. This mechanism is documented in [RFC4178]. Active Directory supports Kerberos (see [MS-KILE]) and NTLM (see [MS-NLMP]) when using GSS-SPNEGO. HTTP Digest compatible (partially) challenge-response scheme based upon MD5, offering a data security layer In Digest-MD5, the LDAP server sends data that includes various authentication options that it is willing to support plus a special token to the LDAP client. The client responds by sending an encrypted response that indicates the authentication options that it has selected. The response is encrypted in such a way that proves that the client knows its password. The LDAP server then decrypts and verifies the client's response. One-Time Password Mechanism Simple challenge-response scheme based on HMAC-MD5 When using the CRAM-MD5 mechanism, the LDAP server sends some data to the LDAP client. The client responds by encrypting the data with its password by using the MD5 algorithm. The LDAP server then uses the client's stored password to determine whether the client used the right password. MS Windows NT LAN Manager authentication mechanism |