Alex Karasulu wrote:
This is because the RootDSE is usually bare so applications can
perform discovery but some servers might want to protect it. Know of
any situation when the RootDSE could be hidden?
RFC 4512 :
5.1. Server-Specific Data Requirements
An LDAP server SHALL provide information about itself and other
information that is specific to each server. This is represented as
a group of attributes located in the root DSE, which is named with
the DN with zero RDNs (whose [RFC4514] representation is as the
zero-length string).
These attributes are retrievable, _subject to access control_ and other
restrictions, if a client performs a Search operation [RFC4511] with
an empty baseObject, scope of baseObject, the filter"(objectClass=*)"
[RFC4515], and the attributes field listing the
names of the desired attributes.
--
--
cordialement, regards,
Emmanuel Lécharny
www.iktek.com
directory.apache.org
