The original LDAPv3 specifications were released in 1997, but an updated
specification was released in 2006, and there have been a number of other
additions, especially in the form of controls and extended operations. Neither
JNDI nor the Netscape Directory SDK for Java have been significantly updated over
time to reflect the evolving nature of LDAP and to add support for new
capabilities. On the other hand, the UnboundID LDAP SDK for Java supports the
core LDAP protocol and a large number of extensions, including many of the most
recent specifications.
The following table provides a comparison of LDAP specifications supported by JNDI,
the Netscape Directory SDK for Java, and the UnboundID LDAP SDK for Java. It is
assumed that all SDKs provide general support for at least the initial core LDAPv3
specification, so this table will primarily focus on specifications released after
that.
Specification |
JNDI |
Netscape SDK |
UnboundID SDK |
Simple Paged Results Control (RFC 2696) |
X |
|
X |
StartTLS (RFC 2830) |
X |
|
X |
DIGEST-MD5 (RFC 2831) |
X |
|
X |
LDIF v1 (RFC 2849) |
|
X |
X |
Server-Side Sort Control (RFC 2891) |
X |
X |
X |
Password Modify Extended Operation (RFC 3062) |
|
|
X |
ManageDsaIT (RFC 3296) |
X |
|
X |
Authorization Identity Controls (RFC 3866) |
|
|
X |
Matched Values Control (RFC 3876) |
|
|
X |
Cancel Extended Operation (RFC 3909) |
|
|
X |
Proxied Authorization V2 Control (RFC 4370) |
|
|
X |
EXTERNAL SASL Mechanism (RFC 4422) |
X |
X |
X |
ANONYMOUS SASL Mechanism (RFC 4505) |
|
|
X |
Notice of Disconnection Unsolicited Notification (RFC 4511) |
|
|
X |
Increment Modify Extension (RFC 4525) |
|
|
X |
Read Entry Controls (RFC 4527) |
|
|
X |
Assertion Control (RFC 4528) |
|
|
X |
"Who Am I?" Extended Operation (RFC 4532) |
|
|
X |
Content Synchronization Operation (RFC 4533) |
|
|
X |
PLAIN SASL Mechanism (RFC 4616) |
X |
|
X |
GSSAPI SASL Mechanism (RFC 4876) |
X |
|
X |
LDAP Transactions (RFC 5805) |
|
|
X |
LDAP Don't Use Copy Control (RFC 6171) |
|
|
X |
Subtree Delete Control (draft-armijo-ldap-treedelete) |
|
|
X |
Password Policy Control (draft-behera-ldap-password-policy) |
|
|
X (*) |
LDAP Change Records (draft-good-ldap-changelog) |
|
|
X |
Virtual List View Control (draft-ietf-ldapext-ldapv3-vlv) |
|
X |
X |
Persistent Search / Entry Change Notification Controls (draft-ietf-ldapext-psearch) |
|
X |
X |
Subentries Control (draft-ietf-ldup-subentry) |
|
|
X |
CRAM-MD5 SASL Mechanism (draft-ietf-sasl-crammd5) |
X |
|
X |
Subordinate Subtree Search Scope (draft-sermersheim-ldap-subordinate-scope) |
|
|
X |
Password Expired / Password Expiring Controls (draft-vchu-ldap-pwd-policy) |
|
X |
X |
Proxied Authorization V1 Control (draft-weltman-ldapv3-proxy) |
|
X |
X |
LDAP No-Op Control (draft-zeilenga-ldap-noop) |
|
|
X (*) |
(*) -- At present, these specifications are not yet considered complete enough to
provide a stable interface for general use. As such, support for these features
is only available in the Commercial Edition of the LDAP SDK and only for use with
the Ping Identity, UnboundID, and Alcatel-Lucent 8661 Directory Server. Whenever
these specifications reach a sufficient level of maturity to make it possible to
safely implement them in a cross-server manner, then they will be added to the
Standard Edition.