UnboundID LDAP SDK for Java

Ping Identity
Product Information
Advantages of the LDAP SDK

Support for the Most Recent Specifications

The original LDAPv3 specifications were released in 1997, but an updated specification was released in 2006, and there have been a number of other additions, especially in the form of controls and extended operations. Neither JNDI nor the Netscape Directory SDK for Java have been significantly updated over time to reflect the evolving nature of LDAP and to add support for new capabilities. On the other hand, the UnboundID LDAP SDK for Java supports the core LDAP protocol and a large number of extensions, including many of the most recent specifications.

The following table provides a comparison of LDAP specifications supported by JNDI, the Netscape Directory SDK for Java, and the UnboundID LDAP SDK for Java. It is assumed that all SDKs provide general support for at least the initial core LDAPv3 specification, so this table will primarily focus on specifications released after that.

Specification JNDI Netscape SDK UnboundID SDK
Simple Paged Results Control (RFC 2696) X X
StartTLS (RFC 2830) X X
LDIF v1 (RFC 2849) X X
Server-Side Sort Control (RFC 2891) X X X
Password Modify Extended Operation (RFC 3062) X
ManageDsaIT (RFC 3296) X X
Authorization Identity Controls (RFC 3866) X
Matched Values Control (RFC 3876) X
Cancel Extended Operation (RFC 3909) X
Proxied Authorization V2 Control (RFC 4370) X
EXTERNAL SASL Mechanism (RFC 4422) X X X
ANONYMOUS SASL Mechanism (RFC 4505) X
Notice of Disconnection Unsolicited Notification (RFC 4511) X
Increment Modify Extension (RFC 4525) X
Read Entry Controls (RFC 4527) X
Assertion Control (RFC 4528) X
"Who Am I?" Extended Operation (RFC 4532) X
Content Synchronization Operation (RFC 4533) X
PLAIN SASL Mechanism (RFC 4616) X X
GSSAPI SASL Mechanism (RFC 4876) X X
SCRAM-SHA-1 SASL Mechanism (RFC 5802) X
LDAP Transactions (RFC 5805) X
LDAP Don't Use Copy Control (RFC 6171) X
SCRAM-SHA-256 SASL Mechanism (RFC 7677) X
Subtree Delete Control (draft-armijo-ldap-treedelete) X
Password Policy Control (draft-behera-ldap-password-policy) X (*)
LDAP Change Records (draft-good-ldap-changelog) X
Virtual List View Control (draft-ietf-ldapext-ldapv3-vlv) X X
Persistent Search / Entry Change Notification Controls (draft-ietf-ldapext-psearch) X X
Subentries Control (draft-ietf-ldup-subentry) X
CRAM-MD5 SASL Mechanism (draft-ietf-sasl-crammd5) X X
Subordinate Subtree Search Scope (draft-sermersheim-ldap-subordinate-scope) X
Password Expired / Password Expiring Controls (draft-vchu-ldap-pwd-policy) X X
Proxied Authorization V1 Control (draft-weltman-ldapv3-proxy) X X
LDAP No-Op Control (draft-zeilenga-ldap-noop) X (*)

(*) -- At present, these specifications are not yet considered complete enough to provide a stable interface for general use. As such, these features are only supported for use with the Ping Identity, UnboundID, and Nokia/Alcatel-Lucent 8661 Directory Server. Whenever these specifications reach a sufficient level of maturity to make it possible to safely implement them in a cross-server manner, then they will be made available for general use.