Server Administration
| Information | Notes |
|---|---|
| Name | Server Administration |
| Description | Used by an LDAP administrator on an add, delete, modify, or modify DN operation under conditions where the operation is typically refused. Administrative role permissions are still enforced. |
| Assigned object identifier | 1.3.18.0.2.10.15 |
| Target of control | Server |
| Control criticality | Critical at client's option |
| Values | There is no value; the controlValue field is absent. |
| Server behavior | This control can only be specified by a user bound as an LDAP administrator. If user is not bound as an LDAP administrator, the server returns an LDAP_UNWILLING_TO_PERFORM error. If the server is a supplier or consumer server and is quiesced in an advanced replication environment, the control must be specified in order to allow the update to occur. |
In an advanced replication environment, this control allows an add, delete, modify, or modify DN operation sent by an LDAP administrator to be processed by a server that typically refuses the operation, such as a quiesced forwarding server or a read-only replica server. The processed operation is then replicated as any other update. This control is used by the ldapdiff utility to enable updates to occur on consumer servers that are no longer synchronized with the supplier server.
This control must be used with discretion because entry updates are allowed under unusual circumstances. Therefore, it is the user’s responsibility to ensure the server being updated ends up in a state consistent with the other servers in an advanced replication environment. For example, in an advanced replication environment, the entry's modifyTimestamp attribute value, which is used as the base for conflict resolution, might be different on different servers if the entry gets updated individually on those servers with this control.
The ldapadd, ldapmodify, ldapmodrdn, and ldapdelete utilities have a -k option to add this control to LDAP server requests. For more information, see ldapmodify and ldapadd utilities in z/OS IBM Tivoli Directory Server Client Programming for z/OS.