3.1.1.3.4.1.24 LDAP_SERVER_DN_INPUT_OID

This control is used to specify the DN of an object during certain LDAP operations.

When used with an LDAP search operation that queries the constructed attribute msDS-IsUserCachableAtRodc on a computer object that represents an RODC, the server will return the administrative policy regarding whether the secret attributes of the security principal represented by the DN specified in the control can be cached on the RODC. If the caller does not have the Read-Only-Replication-Secret-Synchronization control access right on the root of the default NC, the error operationsError / ERROR_DS_CANT_RETRIEVE_ATTRS is returned. This access check is also specified in section 3.1.1.4.4.

When sending this control to the DC, the controlValue field is set to the BER encoding of the following ASN.1 structure.

 DNInputRequestValue ::= SEQUENCE {
     InputDN    OCTET STRING
 }

Where InputDN is a UTF-8 encoding of the DN of a security principal. The DN is either an RFC 2253–style DN or one of the alternative DN formats described in section 3.1.1.3.1.2.4.
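
The controlValue encoding described above, as an added example that is not part of the specification: a minimal definite-length BER encoder and strict decoder for DNInputRequestValue. The function names are hypothetical, the control's OID and criticality are out of scope, and the decoder assumes universal tags 0x30 (SEQUENCE) and 0x04 (OCTET STRING) with at most four length octets.

```python
# Added example: BER codec for DNInputRequestValue (not from the specification).

def _ber_len(n: int) -> bytes:
    """Definite-length BER length octets (short form < 128, else long form)."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def _read_tlv(buf: bytes, offset: int, expected_tag: int):
    """Return (value, next_offset) for one TLV, rejecting malformed input."""
    if offset + 2 > len(buf):
        raise ValueError("truncated TLV header")
    if buf[offset] != expected_tag:
        raise ValueError(f"unexpected tag 0x{buf[offset]:02x}")
    first = buf[offset + 1]
    offset += 2
    if first < 0x80:
        length = first
    else:
        n = first & 0x7F
        # n == 0 is the indefinite form, which this sketch does not accept.
        if n == 0 or n > 4 or offset + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[offset:offset + n], "big")
        offset += n
    end = offset + length
    if end > len(buf):
        raise ValueError("value runs past end of buffer")
    return buf[offset:end], end

def encode_dn_input(dn: str) -> bytes:
    """controlValue: SEQUENCE (0x30) { InputDN OCTET STRING (0x04), UTF-8 }."""
    raw = dn.encode("utf-8")
    inner = b"\x04" + _ber_len(len(raw)) + raw
    return b"\x30" + _ber_len(len(inner)) + inner

def decode_dn_input(value: bytes) -> str:
    """Strict inverse of encode_dn_input; no trailing bytes allowed."""
    seq, end = _read_tlv(value, 0, 0x30)
    if end != len(value):
        raise ValueError("trailing bytes after SEQUENCE")
    octets, inner_end = _read_tlv(seq, 0, 0x04)
    if inner_end != len(seq):
        raise ValueError("trailing bytes inside SEQUENCE")
    return octets.decode("utf-8")  # UnicodeDecodeError (a ValueError) if invalid
```
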