LDAP Connector: Dynamic capability detection for paging and other controls #231

@JayVDZ

Summary

Implement dynamic capability detection in the LDAP connector to query server capabilities from RootDSE before using LDAP controls like paging.

Background

Currently, the LDAP connector uses a static approach for paging controls - setting IsCritical = false on PageResultRequestControl so servers that don't support paging (like Samba AD) can ignore it. While this works, it provides no visibility into whether paging is actually being used.

Current Behaviour

```csharp
var pageResultRequestControl = new PageResultRequestControl(pageSize)
{
    IsCritical = false  // Always non-critical, all servers
};
```

  • Sends paging control to every server
  • Server either uses it (if supported) or ignores it (if not)
  • No knowledge of what actually happened
  • Silent degradation with no admin visibility

Proposed Solution

Query the RootDSE supportedControl attribute during connection to detect server capabilities:

```csharp
// During OpenImportConnection(), query RootDSE once
var supportedControls = QueryRootDseSupportedControls();
_supportsPaging = supportedControls.Contains("1.2.840.113556.1.4.319");

// During import
if (_supportsPaging)
{
    var pageControl = new PageResultRequestControl(pageSize) { IsCritical = true };
    searchRequest.Controls.Add(pageControl);
}
else
{
    Log.Warning("LDAP server does not support paging. Large imports may consume excessive memory.");
}
```

Benefits

  1. Visibility: Log warning when paging isn't available
  2. Explicit behaviour: Either paging works (critical) or we don't attempt it at all
  3. Future options: Could add a setting "Require paging support" that fails fast if server can't page
  4. Diagnostic value: Can surface capability info in Connected System UI ("Paging: Supported/Not Supported")

Trade-offs

  1. Extra network round-trip: RootDSE query adds latency to every connection open (mitigated by caching per connection)
  2. More code to maintain: Capability detection, caching, error handling for the probe
  3. Edge cases: Some servers may advertise support but behave inconsistently

Common LDAP Control OIDs

| Control | OID | Purpose |
|---|---|---|
| Paged Results | 1.2.840.113556.1.4.319 | Result pagination |
| Server-Side Sort | 1.2.840.113556.1.4.473 | Sort results on server |
| VLV (Virtual List View) | 2.16.840.1.113730.3.4.9 | Virtual scrolling |
| Show Deleted | 1.2.840.113556.1.4.417 | Include deleted objects |

Acceptance Criteria

  • Query RootDSE supportedControl during OpenImportConnection()
  • Cache capabilities for the duration of the connection
  • Only add paging control if server supports it
  • Log warning when paging is not available
  • Consider surfacing capabilities in Connected System details UI
  • Unit tests for capability detection logic
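One way the RootDSE probe from the Proposed Solution could be written against System.DirectoryServices.Protocols, as an added example that is not the connector's own code. The `LdapServerCapabilities` type and its members are hypothetical names; it assumes an already-bound `LdapConnection` and separates "probe failed" from "paging not advertised" so the two cases can be logged differently.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices.Protocols;

// Hypothetical helper type for illustration; not part of the connector's code base.
public sealed class LdapServerCapabilities
{
    public const string PagedResultsOid = "1.2.840.113556.1.4.319";

    private readonly HashSet<string> _controls;

    // False when the RootDSE probe returned nothing usable (e.g. read access restricted).
    public bool ProbeSucceeded { get; }
    public bool SupportsPaging => _controls.Contains(PagedResultsOid);

    private LdapServerCapabilities(HashSet<string> controls, bool probeSucceeded)
    {
        _controls = controls;
        ProbeSucceeded = probeSucceeded;
    }

    // Pure parsing step, kept separate so it can be unit tested without a server.
    public static LdapServerCapabilities FromValues(IEnumerable<string> values)
    {
        var set = new HashSet<string>(StringComparer.Ordinal);
        if (values == null) return new LdapServerCapabilities(set, false);
        foreach (var v in values)
            if (!string.IsNullOrWhiteSpace(v)) set.Add(v.Trim());
        return new LdapServerCapabilities(set, true);
    }

    // One base-scope search against the RootDSE (null base DN); call once per connection and cache.
    public static LdapServerCapabilities Probe(LdapConnection connection)
    {
        var request = new SearchRequest(null, "(objectClass=*)", SearchScope.Base, "supportedControl");
        try
        {
            var response = (SearchResponse)connection.SendRequest(request);
            if (response.Entries.Count == 0) return FromValues(null);
            var attr = response.Entries[0].Attributes["supportedControl"];
            if (attr == null) return FromValues(null);
            return FromValues(Array.ConvertAll(attr.GetValues(typeof(string)), o => (string)o));
        }
        catch (DirectoryOperationException)
        {
            return FromValues(null); // probe failed: capability unknown, not "unsupported"
        }
    }
}
```

When `ProbeSucceeded` is false, a caller could fall back to the current non-critical paging control instead of dropping paging, since the server's capabilities are unknown, not absent.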

Labels: enhancement (New feature or request)