Turbo Fredriksson wrote:

What I do is connect to host:port, check base for 'supportedLDAPVersion' and if the LDAP server doesn't support v3 binds, I set protocol to v2 THEN I bind to the server...

You shouldn't rely on reading attribute 'supportedLDAPVersion' from RootDSE since it might be subject to access control or you get a weird pseudo-referral back from an LDAPv2 server.


Instead, a better approach is to just try an LDAPv3 bind (or the first operation if your application logic allows you to handle the fall-back). If that fails with LDAP_PROTOCOL_ERROR you MUST drop the connection and open a new LDAP connection binding with LDAPv2.

This discussion would be most appropriate for a general LDAP mailing list like [EMAIL PROTECTED]

Ciao, Michael.
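
The fall-back described in the reply above, as an added example that is not part of the original message. `FakeConn` and `ProtocolError` are constructed stand-ins so the logic runs without a server; the attribute and method names (`protocol_version`, `simple_bind_s`, `unbind_s`) are modelled on python-ldap's connection object, which is an assumption about the client library in use.

```python
class ProtocolError(Exception):
    """Stand-in for the client library's LDAP_PROTOCOL_ERROR exception."""


class FakeConn:
    """Constructed test double for one connection to an LDAP server."""

    def __init__(self, server_max_version):
        self.server_max_version = server_max_version
        self.protocol_version = 3
        self.closed = False
        self.bound = False

    def simple_bind_s(self, dn, password):
        if self.closed:
            raise RuntimeError("bind attempted on a closed connection")
        if self.protocol_version > self.server_max_version:
            raise ProtocolError("unsupported protocol version")
        self.bound = True

    def unbind_s(self):
        self.closed = True


def bind_with_fallback(connect, dn, password, protocol_error=ProtocolError):
    """Try an LDAPv3 bind; on a protocol error, reconnect and bind with LDAPv2.

    connect() must return a NEW connection on every call. Any other failure
    (for example invalid credentials) propagates and triggers no downgrade.
    """
    conn = connect()
    conn.protocol_version = 3
    try:
        conn.simple_bind_s(dn, password)
        return conn, 3
    except protocol_error:
        conn.unbind_s()      # drop the connection; it is never reused
    except Exception:
        conn.unbind_s()
        raise
    conn = connect()         # fresh connection for the LDAPv2 attempt
    conn.protocol_version = 2
    try:
        conn.simple_bind_s(dn, password)
    except Exception:
        conn.unbind_s()
        raise
    return conn, 2
```

With a real client library, `connect` would open the connection to host:port and `protocol_error` would be that library's protocol-error exception class.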


