Modify groups only control

Edit online

The Modify groups only control explains its use with the server and provides the results.

Description
This control can be used with a delete, modrdn, or moddn operation to cause the server to modify the groups in which it is in a member without deleting or modifying the entry itself. The entry that is named in the delete, modrdn, or moddn request does not require to exist on the server.
Note: This control is always enabled.
OID
1.3.18.0.2.10.25
Syntax
This control has no value.
Behavior
This control is registered for the following operations:
  • Delete
  • Modrdn
The following persons are enabled to send the control:
  • Primary Directory Administrator
  • Local Administration Group members
  • Global Administration Group members
Note: If the control is sent by a user who does not have access, LDAP_INSUFFICIENT_ACCESS is returned.
This control has the following possible return codes:
  • LDAP_SUCCESS
  • LDAP_DECODING_ERROR
  • LDAP_UNWILLING_TO_PERFORM

The Administration Server does not support this control.

Scope
The control lasts for the term of one operation. The control is only recognized when a delete, moddn, or modrdn request goes to the RDBM back-end.
Auditing
When the server receives this control, the audit plug-in adds the following lines to the audit entry: 
controlType: control ID
criticality: true | false