3.5.11 Refresh Request

To refresh the time-to-live attribute of any dynamic object stored in the ILS directory, an LDAP search operation is performed with the sttl attribute as part of the LDAP filter. The full operation requires the following LDAP operations:

  • LDAP Bind

  • LDAP Search

  • LDAP Unbind

The refresh request MUST be initiated by making an LDAP Bind Request to an ILS Server. If LDAP v2 is offered, only simple authentication can be used.<28> This is normally the case when users are located on the Internet. Once a successful Bind has been made (LDAP Bind Response, resultCode == 0), it MUST be followed by an LDAP Search operation [RFC2251]. The search operation identifies the object whose sttl/entryTTL value needs to be refreshed.

To refresh the rtPerson object "mailto:cn= egruber@contoso.com" and set the time to live to 10 minutes, the search request would be as follows:

 SearchRequest: BaseDN: objectClass=rtPerson, SearchScope: base Object
 LDAPFilter Filter: (&(objectClass=rtPerson)(mailto:cn= egruber@contoso.com)(sttl=10))

The server will respond with two LDAP PDUs: a Search Result Entry returning the matched object, followed by a Search Result Done. The refresh is completed by performing an Unbind.

Note: A standard LDAP modify operation on the dynamicObject attribute entryTTL can also be performed to reset the time to live. The value for sttl is given in minutes; the value for entryTTL is given in seconds.
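The following client-side helper is an added example, not part of the protocol specification. It builds the refresh search parameters described above and converts sttl minutes to the entryTTL seconds mentioned in the note. Assumptions: the function names are hypothetical, the object is identified by a (cn=value) filter item, and the identifying value is escaped using the standard LDAP filter string escapes so that it cannot alter the filter.

```python
import re

# Filter metacharacters and their escaped forms (LDAP filter string rules).
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
# Conservative pattern for object class and attribute names.
_ATTR_NAME = re.compile(r"[A-Za-z][A-Za-z0-9-]*")


def escape_filter_value(value):
    """Escape a value so it cannot change the structure of the filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_refresh_search(object_class, id_attr, id_value, ttl_minutes):
    """Return base DN, scope and filter for the refresh SearchRequest."""
    # sttl is a count of minutes; reject bools, floats, strings, zero, negatives.
    if (isinstance(ttl_minutes, bool) or not isinstance(ttl_minutes, int)
            or ttl_minutes <= 0):
        raise ValueError("sttl must be a positive whole number of minutes")
    for name in (object_class, id_attr):
        if not _ATTR_NAME.fullmatch(name):
            raise ValueError("invalid name: %r" % name)
    flt = "(&(objectClass=%s)(%s=%s)(sttl=%d))" % (
        object_class, id_attr, escape_filter_value(id_value), ttl_minutes)
    return {"base_dn": "objectClass=%s" % object_class,
            "scope": "baseObject", "filter": flt}


def sttl_to_entry_ttl(ttl_minutes):
    """sttl is in minutes; entryTTL (the modify alternative) is in seconds."""
    return ttl_minutes * 60


if __name__ == "__main__":
    # Constructed sample input: id attribute "cn" is an assumption.
    req = build_refresh_search("rtPerson", "cn", "egruber@contoso.com", 10)
    print(req["base_dn"], req["scope"])
    print(req["filter"])
    print("entryTTL equivalent:", sttl_to_entry_ttl(10))
```
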