Configuring DirX Directory LDAP Extended Operations

The extended operations ldap_cfg_defaults, ldap_ext_info, ldap_show_config_dsas, ldap_ssl_ciphernames and startTLS are performed without any restriction or authentication.The LDAP Extended Operations Admins (ldapExtOpAdmins) attribute and the LDAP Extended Operations Admin Group (ldapExtOpAdminGroups) attribute of the LDAP server configuration subentry controls the accessibility of all other extended operations; that is, the distinguished name specified in the -D option must be one of the values of the LDAP Extended Operations Admins attribute or the LDAP Extended Operations Admin Groups attribute to be allowed to perform an extended operation.For information about attributes for specifying more fine-grained access rights to LDAP extended operations, see the section Attributes Controlling LDAP Extended Operations in DirX Directory Syntaxes and Attrributes.