3.1.1.3.4.1.9 LDAP_SERVER_NOTIFICATION_OID

The LDAP_SERVER_NOTIFICATION_OID control is used with an LDAP search operation to register the client that is to be notified when changes are made to an object in the directory.

Notifications are asynchronous operations. When the DC receives a search request with this control attached, it does not immediately send a response to the request. Instead, when an object is modified, if that object falls within the scope of the search request to which the LDAP_SERVER_NOTIFICATION_OID control was attached, the DC sends a SearchEntry response that contains the modified object to the client, using the messageID from the original search request (SearchEntry and messageID are defined in [RFC2251] section 4.1.1). The SearchEntry response will contain those attributes of the object that were requested in the original request. These attributes are not necessarily the attributes that were modified. A client indicates that it no longer requires notifications by sending an LDAP abandon operation, specifying the messageID of the original search request.

LDAP search requests that include this control are subject to the following restrictions:

  • The only filter permitted in the search request is "(objectclass = *)". The server will return the error unwillingToPerform / <unrestricted> if this is not the case.

  • Base, one-level, and subtree search scopes are permitted. For Windows 2000 operating system DCs, if the base DN specified in a subtree search is not the root of an NC, the server returns the error unwillingToPerform / <unrestricted>. Windows Server 2003 operating system and later DCs do not have this restriction.

When sending this control to the DC, the controlValue field of the Control structure is omitted. Sending this control to the DC does not cause the server to include any controls in its eventual responses.
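
The registration, notification, and abandon behaviour described above can be modelled in a few lines. This is an added example, not code from the specification or from Microsoft. The class and function names, the simplified DN comparison, the whitespace-insensitive filter check, and the requirement that the client lists attribute names explicitly are assumptions of the example.

```python
# Added example: toy model of the DC-side behaviour described above (not Microsoft code).
UNWILLING = "unwillingToPerform"

def _norm(dn):
    # Simplified DN comparison (assumption): case-fold, trim spaces, no escaped commas.
    return ",".join(p.strip().lower() for p in dn.split(","))

def _in_scope(dn, base, scope):
    dn, base = _norm(dn), _norm(base)
    if scope == "base":
        return dn == base
    if scope == "one":                      # immediate children only
        return dn.partition(",")[2] == base
    return dn == base or dn.endswith("," + base)   # subtree

class NotificationRegistry:
    def __init__(self, nc_roots, windows_2000=False):
        self.nc_roots = {_norm(r) for r in nc_roots}
        self.windows_2000 = windows_2000
        self.pending = {}   # messageID -> (base, scope, requested attribute names)

    def search(self, message_id, base, scope, ldap_filter, attrs):
        """Register a notification search. Returns an error name, or None because
        the DC sends no immediate response to an accepted request."""
        if scope not in ("base", "one", "subtree"):
            raise ValueError("unknown scope")
        if "".join(ldap_filter.split()).lower() != "(objectclass=*)":
            return UNWILLING
        if self.windows_2000 and scope == "subtree" and _norm(base) not in self.nc_roots:
            return UNWILLING
        self.pending[message_id] = (base, scope, [a.lower() for a in attrs])
        return None

    def abandon(self, message_id):
        # LDAP abandon naming the original messageID ends the notifications.
        self.pending.pop(message_id, None)

    def object_modified(self, dn, obj):
        """Return the SearchEntry responses, as (messageID, dn, attributes), for one change."""
        obj = {k.lower(): v for k, v in obj.items()}
        entries = []
        for message_id, (base, scope, attrs) in self.pending.items():
            if _in_scope(dn, base, scope):
                # Requested attributes are returned, whether or not they changed.
                entries.append((message_id, dn, {a: obj[a] for a in attrs if a in obj}))
        return entries
```
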