Alex Karasulu wrote:
You're supposed to allow annonymous binds to the RootDSE even when anon binds are disabled. This is because RootDSE access is required always to discover how to auth in the first place.
Also I don't think we need to be able to read the rootDSE when doing a Bind. The way it works is that a client just send a BindRequest, and the server do what it should with this request, with full access to the RootDSE.
So I don't think we should allow anonymoius access to the RootDSE for the client, unless the admin specifically decide to do so.
-- -- cordialement, regards, Emmanuel Lécharny www.iktek.com directory.apache.org
