Le 3/25/14 5:35 PM, Jim Willeke a écrit : > Does not say anything about "Admins" being the only ones to be able to > retrieve the values.
This is not how I read the RFC. "These attributes are retrievable, subject to access control and other restrictions, if a client performs a Search operation" Here, 'user' is not specifically an admin. > > Only that they should be returned only as operational attributes would be. > > How else would a client know the capabilities of the server? I think that's not the point here. The question was : "can we block non-admin to fetch info from the RootDSE" and the response is clearly yes, assuming that the right ACI is set at the right place. -- Regards, Cordialement, Emmanuel Lécharny www.iktek.com
