Sorted search control

Use this information to work with sorted search control.

Sorted Search Results provides sort capabilities for LDAP clients with limited or no sort function. Sorted Search Results allows an LDAP client to receive search results sorted based on a list of criteria, where each criteria represents a sort key. The sort criteria includes attribute types, matching rules, and descending order. The server uses this aspect to sort search results before you return them. This aspect moves the responsibility of sorting from the client application to the server, where it might be done much more efficiently. For example, a client application might want to sort the list of employees at the company's Grand Cayman site by surname, common name, and telephone number. Instead of building the search list twice so it can be sorted (when at the server and then again at the client after all the results are returned), the search list is built only at one time, and then sorted, before you return the results to the client application.

The server sorts search entries that are based on attributes and by default allows a maximum of three sort keys (attribute names) per search operation. To change the value of this administrative limit, change the following line in the ibmslapd.conf file.

ibm-slapdSortKeyLimit: 3

See Search Settings for information on how to do this action. If the line does not exist, add it to set the new maximum if the line does not exist, the server is using the default value.

By default the server accept requests from non-administrator binds, including those bindings anonymously. Because sorting search results before you return them uses more server resources than returning them, you might want to configure the server to accept only requests from users that bind with administrator authority. To accept sorted search requests submitted by using only administrator bind, change the line ibm-slapdSortSrchAllowNonAdmin: true to ibm-slapdSortSrchAllowNonAdmin: false in the ibmslapd.conf file. See Search Settings. If the line does not exist, add it with a value of False to enable only administrator binds for sorted search operations.

The LDAP server returns all referrals to the client at the end of a search request. It is up to the application that uses the client services to decide whether to set the criticality of the sorted search request, and to handle a lack of support of those controls on referral servers as appropriate based on the application. Additionally, the LDAP server does not ensure that the referral server supports the sorted search control. Multiple lists might be returned to the client application, some not sorted. It is the decision of the client application as to how to best present this information to the user. Possible solutions include these aspects:

Combine all referral results before they are present to the user
Show multiple lists and the corresponding referral server host name
Take no extra steps and show all results to the user as they are returned from the server

The client application must turn off referrals to get one truly sorted list, otherwise when you chase referrals with sorted search controls specified, unpredictable results might occur.

It is important to note the following points when you take advantage of the server sorted search results:

The server takes advantage of the underlying DB2® database to do sorting of search results. This aspect means that different sorted search results are based on the data code page for the database, especially if your database code page is UTF-8.
Ordering rules that are specified for a sort key attribute are ignored by the server. Now, ordering rules are not supported by the server.
There is no support for sorting multiserver (referrals). The server cannot ensure that referred servers support sorted search results.

More information about the server-side sorted search control can be found in RFC 2891. The control OID for sorted search results is 1.2.840.113556.1.4.473, and is included in the Root DSE information as a supported control.