332 Novell eDirectory 8.8 Administration Guidenovdocx (en) 11 July 2008Typeful NameseDirectory uses both typeless (.JOHN.MARKETING.ABCCORP) and typeful(CN=JOHN.OU=MARKETING.O=ABCCORP) names. LDAP uses only typeful names withcommas as the delimiters (CN=JOHN,OU=MARKETING,O=ABCCORP).Escape CharacterThe backslash (\) is used in LDAP distinguished names as an escape character. If you use the plussign (+) or the comma (,), you can escape them with a single backslash character.For example:CN=Pralines\+Cream,OU=Flavors,O=MFG (CN is Pralines+Cream)CN=DCardinal,O=Lionel\,Turner and Kaye,C=US (O is Lionel, Turner, and Kaye)See Internet Engineering Task Force RFC 232 (http://www.ietf.org/rfc/rfc2253.txt?number=2253)for more information.Multiple Naming AttributesObjects can be defined with multiple naming attributes in the schema. In both LDAP and eDirectory,the User object has two: CN and UID. The plus sign (+) separates the naming attributes in thedistinguished name. If the attributes are not explicitly labeled, the schema determines which stringgoes with which attribute (the first would be CN, the second is UID for eDirectory and LDAP). Youcan reorder them in a distinguished name if you manually label each portion.For example, the following are two relative distinguished names:Smith (CN is Smith CN=Smith)Smith+Lisa (CN is Smith, the OU is Lisa CN=Smith UID=Lisa)Both relative distinguished names (Smith and Smith+Lisa) can exist in the same context becausethey must be referenced by two completely different relative distinguished names.13.2.5 Supported Novell LDAP Controls and ExtensionsThe LDAP 3 protocol allows LDAP clients and LDAP servers to use controls and extensions forextending an LDAP operation. Controls and extensions allow you to specify additional informationas part of a request or a response. Each extended operation is identified by an Object Identifier(OID), which is a string of octet digits that are required to add an attribute or objectclass of your ownto an LDAP server. LDAP clients can send extended operation requests specifying the OID of theextended operation that should be performed and the data specific to that extended operation. Whenthe LDAP server receives the request, it performs the extended operation and sends a responsecontaining an OID and any additional data to the client.For example, a client can include a control that specifies a sort with the search request that it sendsto the server. When the server receives the search request, it sorts the search results before sendingthe search results back to the client. Servers can also send controls to clients. For example, a servercan send a control with the authentication request that informs the client about password expiration.