An extension that allows to inject controls to incoming requests.
Supported controls and their OIDs:
- AdministrativeOperation (1.3.6.1.4.1.30221.2.5.11)
- DontUseCopy (1.3.6.1.1.22)
- ExtendedSchemaInfo (1.3.6.1.4.1.30221.2.5.12)
- HardDelete (1.3.6.1.4.1.30221.2.5.22)
- IgnoreNoUserModification (1.3.6.1.4.1.30221.2.5.5)
- ManageDsaIT (2.16.840.1.113730.3.4.2)
- NameWithEntryUUID (1.3.6.1.4.1.30221.2.5.44)
- NoOp (1.3.6.1.4.1.4203.1.10.2)
- PermissiveModify (1.2.840.113556.1.4.1413)
- RealAttributesOnly (2.16.840.1.113730.3.4.17)
- ReplicationRepair (1.3.6.1.4.1.30221.1.5.2)
- RetainIdentity (1.3.6.1.4.1.30221.2.5.3)
- ReturnConflictEntries (1.3.6.1.4.1.30221.2.5.13)
- Subentries (1.3.6.1.4.1.7628.5.101.1)
- SubtreeDelete (1.2.840.113556.1.4.805)
- SuppressReferentialIntegrityUpdates (1.3.6.1.4.1.30221.2.5.30)
- Undelete (1.3.6.1.4.1.30221.2.5.23)
- VirtualAttributesOnly (2.16.840.1.113730.3.4.19)
The list above is provided because you may have to add ACI rules to allow for the control to be used. For example:
(targetcontrol="1.3.6.1.4.1.4203.1.10.2")(version 3.0; acl "allow use of NoOp control on own entry"; allow(read) userdn="ldap:///self";)
To create a plugin:
dsconfig create-plugin
--plugin-name noop-injector
--type third-party
--set enabled:false
--set plugin-type:preparseabandon
--set plugin-type:preparseadd
--set plugin-type:preparsebind
--set plugin-type:preparsecompare
--set plugin-type:preparsedelete
--set plugin-type:preparseextended
--set plugin-type:preparsemodify
--set plugin-type:preparsemodifydn
--set plugin-type:preparsesearch
--set plugin-type:preparseunbind
--set extension-class:com.pingidentity.ds.plugin.ControlsInjector
--set extension-argument:request-control=NoOp
--set request-criteria:the-request-criteria-name
To retrieve monitoring information, search cn=monitor like:
ldapsearch -b cn=monitor '(objectClass=ds-monitor-controls-injector)' dn: cn=noop-injector-monitor [from ThirdPartyPlugin:noop-injector],cn=monitor objectClass: top objectClass: ds-monitor-entry objectClass: ds-monitor-controls-injector objectClass: extensibleObject cn: noop-injector-monitor [from ThirdPartyPlugin:noop-injector] ds-extension-monitor-name: noop-injector-monitor ds-extension-type: ThirdPartyPlugin ds-extension-name: noop-injector processed-add: 0 processed-modify: 0 processed-compare: 0 processed-search: 0 processed-sasl-bind: 0 processed-abandon: 0 processed-unbind: 0 processed-simple-bind: 0 processed-extended: 0 processed-moddn: 0
This example plugin would inject the NoOp control, as illustrated below:
ldapmodify dn: uid=user.7,ou=People,dc=example,dc=com changetype: modify replace: description description: controls injector test 4 # Modifying entry uid=user.7,ou=People,dc=example,dc=com ... # Result Code: 16654 (no operation) # Diagnostic Message: The modify operation was not actually performed in the Directory Server backend because the LDAP no-op control was present in the request
NOTE: you probably should never use this plugin without a request criteria.
Allowed Arguments
| Argument Name: | request-control |
| Description: | The name of a supported request control. Currently supported controls list:
|
| Data Type: | String |
| Is Required: | true |
| Maximum Occurrences: | 1 |