Alex Karasulu wrote:
You're supposed to allow annonymous binds to the RootDSE even when anon binds are disabled. This is because RootDSE access is required always to discover how to auth in the first place.
Not true, per RFC 4512 :
5.1. Server-Specific Data Requirements ... These attributes are retrievable, *subject to access control* and other restrictions, if a client performs a Search operation... -- -- cordialement, regards, Emmanuel Lécharny www.iktek.com directory.apache.org
