Turning Chase Referrals Off
The LDAP extended control notifies the Active Directory Directory Services (AD DS) managed system not to generate any additional references (crossRef objects) in response to a search query.
With this control in a search request, the search operation is limited to the domain scope. Verify whether information must be fetched from multiple domains. Adding configuration details for the required domain(s) in the source definition is mandatory. Active Directory search does not depend on referrals to fetch information from the managed system.
To aggregate the complete data, the Domain Setting configuration in Active Directory sources must be updated with the required information.
To turn chase referrals off, complete the following:
- Add the attribute ldapExtendedControls using the Identity Security Cloud REST API.

Note
For more information on SailPoint's REST APIs, refer to Best Practices: REST API Authentication and REST API - Update Source (Partial) in the SailPoint Developer Community.

Note
This attribute is generated with the LDAP extended control 'LDAP_SERVER_DOMAIN_SCOPE_OID' (value = 1.2.840.113556.1.4.1339). Newly created Active Directory sources have this control by default, previous sources do not have any impact and continue to work as expected.
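
The step above as an added example (not SailPoint's own code): a helper that inspects a source definition and returns the JSON Patch body to send with the Update Source (Partial) call, or nothing if the control is already set. It assumes the attribute is stored under connectorAttributes as a list of OID strings; the function name and the sample sources are constructed for illustration.

```python
import json

# OID of LDAP_SERVER_DOMAIN_SCOPE_OID, as given on this page.
DOMAIN_SCOPE_OID = "1.2.840.113556.1.4.1339"
# Assumption: the attribute is stored under connectorAttributes as a list of OIDs.
ATTR_PATH = "/connectorAttributes/ldapExtendedControls"


def domain_scope_patch(source):
    """Return the JSON Patch operations that give `source` the domain-scope
    control. An empty list means the control is already configured."""
    attrs = source.get("connectorAttributes") or {}
    current = attrs.get("ldapExtendedControls")
    if current is None:
        # Source created before the control became a default.
        return [{"op": "add", "path": ATTR_PATH, "value": [DOMAIN_SCOPE_OID]}]
    if isinstance(current, str):
        # Tolerate a comma-separated string as well as a list.
        controls = [c.strip() for c in current.split(",") if c.strip()]
    else:
        controls = list(current)
    if DOMAIN_SCOPE_OID in controls:
        return []
    # Keep controls that are already configured and append the missing one.
    return [{"op": "replace", "path": ATTR_PATH,
             "value": controls + [DOMAIN_SCOPE_OID]}]


# Constructed sample sources (not real API responses).
OLDER_SOURCE = {"name": "AD - older", "connectorAttributes": {"domainSettings": []}}
NEWER_SOURCE = {"name": "AD - newer", "connectorAttributes": {
    "ldapExtendedControls": [DOMAIN_SCOPE_OID]}}

if __name__ == "__main__":
    for src in (OLDER_SOURCE, NEWER_SOURCE):
        ops = domain_scope_patch(src)
        print(src["name"], "->", json.dumps(ops) if ops else "no change needed")
```

Running the helper over every Active Directory source before patching shows which older sources still lack the control and leaves the newer ones untouched.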