directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Alex Karasulu" <akaras...@apache.org>
Subject Re: [jira] Created: (DIRSERVER-1169) Access control don't apply to the rootDSE
Date Tue, 06 May 2008 13:11:13 GMT
No need to quote the RFC with me, I know that it can be subject to access
control - read my question.  You know of situations when it is actually set
to anything but read-only by everyone?

Alex

On Tue, May 6, 2008 at 1:04 AM, Emmanuel Lecharny <elecharny@apache.org>
wrote:

> Alex Karasulu wrote:
>
> > This is because the RootDSE is usually bare so applications can perform
> > discovery but some servers might want to protect it.  Know of any situation
> > when the RootDSE could be hidden?
> >
> RFC 4512 :
>
> 5.1.  Server-Specific Data Requirements
>
>  An LDAP server SHALL provide information about itself and other
>  information that is specific to each server.  This is represented as
>  a group of attributes located in the root DSE, which is named with
>  the DN with zero RDNs (whose [RFC4514] representation is as the
>  zero-length string).
>
>  These attributes are retrievable, _subject to access control_ and other
>  restrictions, if a client performs a Search operation [RFC4511] with
>  an empty baseObject, scope of baseObject, the filter"(objectClass=*)"
>  [RFC4515], and the attributes field listing the
>  names of the desired attributes.
>
>
> --
> --
> cordialement, regards,
> Emmanuel L├ęcharny
> www.iktek.com
> directory.apache.org
>
>
>

Mime
View raw message