RFC 3672, Subentries in LDAP, describes
subentries and also the subentries request control. When you perform a search
without the control and visibility set to TRUE
, subentries
are only visible in searches with
SearchScope.BASE_OBJECT
.
if (isSupported(SubentriesRequestControl.OID)) { final SearchRequest request = Requests.newSearchRequest("dc=example,dc=com", SearchScope.WHOLE_SUBTREE, "cn=*Class of Service", "cn", "subtreeSpecification") .addControl(SubentriesRequestControl.newControl( true, true)); final ConnectionEntryReader reader = connection.search(request); final LDIFEntryWriter writer = new LDIFEntryWriter(System.out); try { while (reader.hasNext()) { if (reader.isEntry()) { final SearchResultEntry entry = reader.readEntry(); writer.writeEntry(entry); } } writer.close(); } catch (final ErrorResultIOException e) { // Request failed due to an IO problem. } catch (final SearchResultReferenceIOException e) { // Read a reference, rather than an entry. } catch (final IOException e) { // The writer could not write to System.out. } }
OpenDJ directory server supports the control.
dn: cn=Bronze Class of Service,dc=example,dc=com cn: Bronze Class of Service subtreeSpecification: { base "ou=People", specificationFilter "(classOfService= bronze)" } dn: cn=Silver Class of Service,dc=example,dc=com cn: Silver Class of Service subtreeSpecification: { base "ou=People", specificationFilter "(classOfService= silver)" } dn: cn=Gold Class of Service,dc=example,dc=com cn: Gold Class of Service subtreeSpecification: { base "ou=People", specificationFilter "(classOfService= gold)" }