directory-dev mailing list archives

From Emmanuel Lecharny <>
Subject Re: [jira] Created: (DIRSERVER-1169) Access control don't apply to the rootDSE
Date Tue, 06 May 2008 05:04:16 GMT
Alex Karasulu wrote:
> This is because the RootDSE is usually bare so applications can 
> perform discovery but some servers might want to protect it.  Know of 
> any situation when the RootDSE could be hidden?
RFC 4512 :

5.1.  Server-Specific Data Requirements

   An LDAP server SHALL provide information about itself and other
   information that is specific to each server.  This is represented as
   a group of attributes located in the root DSE, which is named with
   the DN with zero RDNs (whose [RFC4514] representation is as the
   zero-length string).

   These attributes are retrievable, _subject to access control_ and other
   restrictions, if a client performs a Search operation [RFC4511] with
   an empty baseObject, scope of baseObject, the filter "(objectClass=*)"
   [RFC4515], and the attributes field listing the
   names of the desired attributes.

cordialement, regards,
Emmanuel Lécharny
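
The root DSE search described in the RFC 4512 text quoted above, written out as the BER-encoded RFC 4511 SearchRequest a client sends. This is an added example, not part of the original message and not ApacheDS code; the function names, the message ID, the requested attribute and the zero values for derefAliases, sizeLimit and timeLimit are assumptions chosen for illustration.

```python
"""BER encoding of the root DSE SearchRequest (RFC 4511 section 4.5.1)."""


def ber_len(n):
    """Encode a BER definite length (short form below 128, long form above)."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag, value):
    """Wrap a value in a single-byte tag and its length."""
    return bytes([tag]) + ber_len(len(value)) + value


def ber_int(tag, n):
    """Encode a non-negative INTEGER or ENUMERATED in minimal two's complement."""
    return tlv(tag, n.to_bytes(n.bit_length() // 8 + 1, "big"))


def rootdse_search(message_id, attributes):
    """Build the LDAPMessage carrying a base-scope search on the zero-length DN."""
    attrs = b"".join(tlv(0x04, a.encode("utf-8")) for a in attributes)
    request = b"".join([
        tlv(0x04, b""),              # baseObject: DN with zero RDNs (empty string)
        ber_int(0x0A, 0),            # scope: baseObject (0)
        ber_int(0x0A, 0),            # derefAliases: neverDerefAliases (assumed)
        ber_int(0x02, 0),            # sizeLimit: no client limit (assumed)
        ber_int(0x02, 0),            # timeLimit: no client limit (assumed)
        tlv(0x01, b"\x00"),          # typesOnly: FALSE
        tlv(0x87, b"objectClass"),   # filter: present [7], i.e. (objectClass=*)
        tlv(0x30, attrs),            # attributes: names of the desired attributes
    ])
    # LDAPMessage ::= SEQUENCE { messageID, [APPLICATION 3] SearchRequest }
    return tlv(0x30, ber_int(0x02, message_id) + tlv(0x63, request))


if __name__ == "__main__":
    # Constructed sample input: message ID 1, one commonly requested attribute.
    print(rootdse_search(1, ["namingContexts"]).hex())
```

Sent on an unauthenticated connection to a server you administer, the attributes that come back show what the root DSE access control actually permits.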
