2.2.9 Search Flags

The following table defines the valid search flags used on attributes, as specified in section 3.1.1.2.3. The flags are presented in big-endian byte order.


0


1


2


3


4


5


6


7


8


9

1
0


1


2


3


4


5


6


7


8


9

2
0


1


2


3


4


5


6


7


8


9

3
0


1

X

X

X

X

X

X

X

X

X

X

X

X

X

X

X

X

X

X

X

S E

B O

X L

R O

N V

C F

S T

T P

C P

P R

A R

P
I

I
X

X: Unused. Must be zero and ignored.

IX (fATTINDEX, 0x00000001): Specifies a hint to the DC to create an index for the attribute.

PI (fPDNTATTINDEX, 0x00000002): Specifies a hint to the DC to create an index for the container and the attribute.

AR(fANR, 0x00000004): Specifies that the attribute is a member of the ambiguous name resolution (ANR) set.

PR (fPRESERVEONDELETE, 0x00000008): Specifies that the attribute MUST be preserved on objects after deletion of the object (that is, when the object is transformed to a tombstone, deleted-object, or recycled-object). This flag is ignored on link attributes, objectCategory, and sAMAccountType.

CP (fCOPY, 0x00000010): Specifies a hint to LDAP clients that the attribute is intended to be copied when copying the object. This flag is not interpreted by the server.

TP (fTUPLEINDEX, 0x00000020): Specifies a hint for the DC to create a tuple index for the attribute. This will affect the performance of searches where the wildcard appears at the front of the search string.

ST (fSUBTREEATTINDEX, 0x00000040): Specifies a hint for the DC to create subtree index for a Virtual List View (VLV) search.

CF (fCONFIDENTIAL, 0x00000080): Specifies that the attribute is confidential. An extended access check (section 3.1.1.4.4) is required.

Note: The effect of this flag can vary depending on whether the LDAP_SERVER_DIRSYNC_OID control (section 3.1.1.3.4.1.3) or the LDAP_SERVER_DIRSYNC_EX_OID control (section 3.1.1.3.4.1.29) is present in an LDAP search request. If neither of these controls is present, a confidential attribute will not be included in the LDAP search response. If one of these controls is present and the LDAP_DIRSYNC_OBJECT_SECURITY flag is set (section 3.1.1.3.4.1.3), a confidential attribute might be included in the response, but its value will be empty.

NV (fNEVERVALUEAUDIT, 0x00000100): Specifies that auditing of changes to individual values contained in this attribute MUST NOT be performed. Auditing is outside of the state model.

RO (fRODCFilteredAttribute, 0x00000200): Specifies that the attribute is a member of the filtered attribute set.

XL (fEXTENDEDLINKTRACKING, 0x00000400): Specifies a hint to the DC to perform additional implementation-specific, nonvisible tracking of link values. The behavior of this hint is outside the state model.

BO (fBASEONLY, 0x00000800): Specifies that the attribute is not to be returned by search operations that are not scoped to a single object. Read operations that would otherwise return an attribute that has this search flag set instead fail with operationsError / ERROR_DS_NON_BASE_SEARCH.

SE (fPARTITIONSECRET, 0x00001000): Specifies that the attribute is a partition secret. An extended access check is required.

Flags that specify "hints" only direct the server to create certain indices that affect the system performance. The effects of these flags are outside the state model. Implementations are permitted to ignore these flags.