UnboundID LDAP SDK for Java

LDAP SDK Home Page
Product Information
Additional Functionality in the Commercial Edition

Overview of Additional Functionality in the Commercial Edition

The Commercial Edition of the UnboundID LDAP SDK for Java provides a significant amount of additional functionality that is available for use when the SDK is used to communicate with an instance of the UnboundID Directory Server. This page describes that additional functionality.

Additional Controls

The following additional controls are available when communicating with an UnboundID Directory Server instance:

  • Account Usability Control -- Provides information about whether a specified user account is available for use, and if not information about why it may be unavailable.

  • Administrative Operation Control -- Indicates that the associated request is intended for some administrative purpose rather than a general application request. Operations with this control may be treated specially by the server, including placing additional information in access log messages and excluding them from inclusion in response time histogram tracking.

  • Batched Transaction Specification Control -- Indicates that the associated operation is part of a batched transaction. This must be used in conjunction with the start batched transaction and end batched transaction extended operations.

  • Exclude Branch Control -- Provides the ability to exclude entries in a specified set of branches from search results.

  • Extended Schema Information Control -- Provides the ability to request that the server return extended information (including information about the files in which schema elements are defined and whether those definitions are considered read-only) as part of the server schema.

  • Get Authorization Entry Control -- Provides the ability to retrieve the entries for the authentication and/or authorization entries for the user in the bind response received from the server.

  • Get Effective Rights Control -- Provides access to information about what rights a specified user has when interacting with a given entry.

  • Get Server ID Control -- Provides a way for the client to request information about which server was actually used to process a request (including the ability to make that determination through a Directory Proxy Server). It may be used in conjunction with the route to server request control to request that an operation be processed by a specific server.

  • Ignore NO-USER-MODIFICATION Control -- Provides the ability to add an entry to a Directory Server that already contains attributes which may be marked NO-USER-MODIFICATION in the server schema.

  • Interactive Transaction Specification Control -- Indicates that the specified operation is part of an interactive transaction. This must be used in conjunction with the start interactive transaction and end interactive transaction extended operations.

  • Intermediate Client Control -- May be used to help track requests and responses through a directory environment (e.g., between a client, a directory proxy server, and a directory server).

  • Join Control -- Can be used to correlate search result entries with other entries related based on a given set of criteria.

  • No Operation Control -- Provides the ability to request that the server validate that a write operation would likely succeed, but without making any changes to data in the server.

  • Operation Purpose Control -- Provides the ability for a client to identify itself to the server and provide information about the reason for the associated operation.

  • Password Policy Control -- Provides password policy-related information for a user account.

  • Real Attributes Only Control -- Indicates that search entries returned should not include any virtual attributes.

  • Replication Repair Control -- Provides the ability to make a change in the server which will not be replicated to other servers, primarily intended for fixing problems due to replication conflicts.

  • Retain Identity Control -- May be used with a bind request to indicate that the server should process the bind but not actually change the identity associated with the client connection.

  • Route to Server Control -- May be used to request that the operation be routed to a particular backend server. This is primarily intended for use when the request is to be sent through a Directory Proxy Server.

  • Unsolicited Cancel Control -- Indicates that the associated operation was canceled by the Directory Server for a reason other than being canceled by the client (e.g., because the client connection is being closed or the server is shutting down and all outstanding requests are being canceled).

  • Virtual Attributes Only Control -- Indicates that search entries returned should only include virtual attributes.

Additional Extended Operations

The following additional extended operations are available when communicating with an UnboundID Directory Server instance:

  • End Administrative Session -- Indicates that the server should end an active administrative session for the connection.

  • End Batched Transaction -- Indicates that the server should either commit or abort a batched transaction.

  • End Interactive Transaction -- Indicates that the server should either commit or abort an interactive transaction.

  • Get Changelog Batch -- Allows the client to request a batch of changelog entries from the server. This may be used to retrieve information about changes in a manner that works across multiple servers (and through a Directory Proxy Server) and can resume where the last batch ended.

  • Get Connection ID -- Allows the client to request the connection ID associated with the client connection used to issue the request.

  • Password Policy State -- Allows the client to get and set a number of properties related to a user's password policy state.

  • Start Administrative Session -- Creates an administrative session that can be used to request that operations be processed using a dedicated pool of worker threads.

  • Start Batched Transaction -- Indicates that the client wishes to perform multiple updates as part of a single atomic transaction.

  • Start Interactive Transaction -- Indicates that the client wishes to process multiple operations as a single atomic unit using a transaction.

  • Stream Directory Values -- Provides the ability to obtain a list of entry DNs and/or the values of specified attributes for all entries in a specified portion of the DIT.

Access to Monitor Data

The UnboundID LDAP SDK for Java provides access to the following types of monitor information:

  • Active Operations -- Information about operations currently in progress in the Directory Server.

  • Backend -- Information about configured Directory Server backends.

  • Client Connection -- Information about all client connections currently established.

  • Connection Handler -- Information about configured Directory Server connection handlers.

  • Disk Space Usage -- Information about components of the server which may consume a significant amount of disk space.

  • Entry Cache -- Information about the state of the Directory Server entry cache.

  • FIFO Entry Cache -- Information about the state of a FIFO entry cache configured in the Directory Server.

  • General -- General information about the state of the server.

  • Index -- Information about index content and usage in a Berkeley DB JE backend.

  • JE Environment -- Information about the Berkeley DB Java Edition environment in use by a Directory Server backend.

  • LDAP External Server -- Information about backend servers used by the UnboundID Directory Proxy Server.

  • LDAP Statistics -- Information about the types of communication performed by an LDAP connection handler.

  • Memory Usage -- Information about memory usage and garbage collection within the JVM.

  • Processing Time Histogram -- Information about the time required for the server to process various types of operations.

  • Replica -- Information about the sate of a replica for a portion of the replicated content.

  • Replication Server -- Information about the state of a replication server for a portion of the replicated content.

  • Replication Summary -- Information about the replication state for a specified portion of the server DIT.

  • Stack Trace -- A stack trace of all threads running in the Directory Server JVM.

  • System Info -- Information about the underlying system and JVM used to run the Directory Server.

  • Traditional Work Queue -- Information about the state of the Directory Server traditional work queue.

  • UnboundID Work Queue -- Information about the state of the enhanced UnboundID Directory Server work queue.

  • Version -- Information about the Directory Server version.

Support for Managing Tasks

The UnboundID LDAP SDK for Java provides support for scheduling and managing the following types of tasks:

  • Add Schema File -- Add the contents of one or more schema files to the server schema.

  • Alert -- Generate arbitrary administrative alerts and alter the the set of degraded and unavailable alert types for the server.

  • Audit Data Security -- Provides the ability to initiate a data security audit in the server to identify information in entries that may have an impact on the security of the environment.

  • Backup -- Back up the contents of one or more Directory Server backends.

  • Disconnect Client -- Terminate a specified client connection.

  • Dump DB Details -- Retrieve information about the state of the individual databases that comprise a Berkeley DB JE backend.

  • Enter Lockdown Mode -- Cause the Directory Server to enter a restricted operation mode.

  • Export -- Export the contents of a Directory Server backend to LDIF.

  • Groovy-Scripted -- Invokes a custom task written in the Groovy scripting language with the UnboundID Server SDK.

  • Import -- Import LDIF data into a Directory Server backend.

  • Leave Lockdown Mode -- Cause the Directory Server to leave the restricted operation mode.

  • Rebuild -- Generate or rebuild indexes for a Berkeley DB Java Edition backend.

  • Refresh Encryption Settings -- Causes the Directory Server to reload its encryption settings definitions after a change was made to the set of definitions.

  • Restore -- Restore a backup for a specified Directory Server backend.

  • Search -- Perform an internal search and write the results to a specified file on the server filesystem.

  • Shutdown -- Shut down or restart the Directory Server.

  • Third-Party -- Invokes a custom Java-based task written with the UnboundID Server SDK.

Other Commercial Edition APIs

The UnboundID LDAP SDK for Java also provides support for the following additional capabilities that are specifically intended for use in conjunction with the UnboundID Directory Server:

  • Alert Entry Parsing -- The LDAP SDK provides support for parsing alert entries as included in the UnboundID Directory Server's administrative alerts backend.

  • Changelog Entry Parsing -- The LDAP SDK provides support for parsing UnboundID-proprietary attributes contained in changelog entries, including information about values of updated attributes before and after the change, and also about key attributes from the entry.

  • Log File Parsing -- The LDAP SDK provides support for parsing access and error log messages generated by the UnboundID Directory Server.