LDAP SDK Feature Overview
Server-Independent Functionality
General LDAP Communication
- Full support for all LDAPv3 operations (abandon, add, bind, compare, delete,
extended, modify, modify DN, search, and unbind operations). Intermediate
response and unsolicited notification messages are also supported.
- Support for encrypted communication via SSL/TLS, as well as the StartTLS
extended operation. SASL integrity and confidentiality are supported for the
DIGEST-MD5 and GSSAPI mechanisms.
- Support for connection pooling
- Support for connection-based failover and load balancing
- General support for accessing server schema information
- Support for accessing server root DSE information
- Support for parsing entries
- DN parsing and normalization
- Filter parsing and construction
- LDAP URL parsing
- Support for automatic reconnect
- Support for automatic referral following
Supported Standard SASL Mechanisms
- ANONYMOUS (RFC 4505)
- CRAM-MD5 (draft-ietf-sasl-crammd5)
- DIGEST-MD5 (RFC 2831)
- EXTERNAL (RFC 4422)
- GSSAPI (RFC 4752)
- PLAIN (RFC 4616)
- SCRAM-SHA-1 (RFC 5802)
- SCRAM-SHA-256 (RFC 7677)
- SCRAM-SHA-512
Supported Standard Controls
- Authorization Identity (RFC 3829)
- LDAP Assertions (RFC 4528)
- LDAP Content Synchronization (RFC 4533)
- LDAP Don't Use Copy (RFC 6171)
- LDAP No-Op (draft-zeilenga-ldap-noop)
- LDAP Subentries (draft-ietf-ldup-subentry)
- ManageDsaIT (RFC 3296)
- Matched Values (RFC 3876)
- Password Expired (draft-vchu-ldap-pwd-policy)
- Password Expiring (draft-vchu-ldap-pwd-policy)
- Password Policy (draft-behera-ldap-password-policy)
- Persistent Search and Entry Change Notification
(draft-ietf-ldapext-psearch)
- Pre-Read and Post-Read (RFC 4527)
- Proxied Authorization V1 (draft-weltman-ldapv3-proxy)
- Proxied Authorization V2 (RFC 4370)
- Server-Side Sort (RFC 2891)
- Simple Paged Results (RFC 2696)
- Subtree Delete (draft-armijo-ldap-treedelete)
- Transaction Specification (RFC 5805)
- Virtual List View (draft-ietf-ldapext-ldapv3-vlv)
Supported Standard Extended Operations
- Aborted Transaction Unsolicited Notification (RFC 5805)
- Cancel (RFC 3909)
- Notice of Disconnection Unsolicited Notification (RFC 4511)
- Password Modify (RFC 3062)
- Start and End Transaction (RFC 5805)
- StartTLS (RFC 4511)
- Who Am I? (RFC 4532)
Additional Server-Independent Features
- LDAP persistence framework for interacting with LDAP entries as Java
objects
- LDIF processing: reading and writing entries and change records in LDIF
form, LDIF transformations
- ASN.1 BER processing: Boolean, enumerated, generalized time, IA5 string,
integer, null, numeric string, object identifier, octet string, printable
string, sequence, set, UTC time, UTF-8 string, and general ASN.1 elements
- Base32, Base64, and Base64URL encoding and decoding
- Command-line argument parsing and command-line tool framework
- Numerous LDAP-related command-line tools, including ldapsearch, ldapmodify,
ldapcompare, searchrate, modrate, authrate, search-and-mod-rate, ldap-debugger,
identify-references-to-missing-entries, identify-unique-attribute-conflicts,
indent-ldap-filter, base64, manage-certificates, move-subtree, split-ldif,
transform-ldif, and validate-ldif
- Client-side entry sorting
- Client-side subtree deletes
- Client-side filter evaluation
- Localization support
- Debugging support
- Simplified TLS support
- X.509 certificate management
- LDAP-related unit testing support
- LDAP listener support, including an in-memory directory server
- Rate-limiting support
- JSON support
Enhanced Functionality for the Ping Identity Directory Server
Additional SASL Mechanisms
- UNBOUNDID-CERTIFICATE-PLUS-PASSWORD
- UNBOUNDID-DELIVERED-OTP
- UNBOUNDID-TOTP
- UNBOUNDID-YUBIKEY-OTP
Additional Controls
- Account Usable
- Administrative Operation
- Assured Replication
- Exclude Branch
- Extended Schema Info
- Generate Password
- Get Authorization Entry
- Get Backend Set ID
- Get Effective Rights
- Get Password Policy State Issues
- Get Server ID
- Get User Resource Limits
- Hard Delete
- Ignore NO-USER-MODIFICATION
- Intermediate Client
- LDAP Join
- Matching Entry Count
- Name With entryUUID
- Operation Purpose
- Password Update Behavior
- Password Validation Details
- Permit Unindexed Search
- Purge Password
- Real Attributes Only
- Reject Unindexed Search
- Replication Repair
- Retain Identity
- Retire Password
- Return Conflict Entries
- Route To Backend Set
- Route To Server
- Soft Delete
- Soft Deleted Entry Access
- Suppress Operational Attribute Update
- Suppress Referential Integrity Updates
- Transaction Settings
- Undelete
- Uniqueness
- Virtual Attributes Only
Additional Extended Operations
- Clear Missed Notification Changes Alarm
- Collect Support Data
- Consume Single-Use Token
- Delete Notification Destination
- Delete Notification Subscription
- Deliver One-Time Password
- Deliver Password Reset Token
- Deliver Single-Use Token
- Deregister YubiKey OTP Device
- End Administrative Session
- Generate Password
- Generate TOTP Shared Secret
- Get Backup Compatibility Descriptor
- Get Changelog Batch
- Get Configuration
- Get Connection ID
- Get Password Quality Requirements
- Get Subtree Accessibility
- Get Supported OTP Delivery Mechanisms
- Identify Backup Compatibility Problems
- List Configurations
- List Notification Subscriptions
- Multi-Update
- Password Policy State
- Register YubiKey OTP Device
- Revoke TOTP Shared Secret
- Set Notification Destination
- Set Notification Subscription
- Set Subtree Accessibility
- Start Administrative Session
- Stream Directory Values
- Stream Proxy Values
- Validate TOTP Password
Additional Ping Identity-Proprietary Features
- Interacting with administrative alerts and alarms
- Enhanced changelog entry support
- Enhanced root DSE support
- Soft-deleted entry support
- JSON object filter support
- Log parsing support
- Monitor entry support
- Administrative task support