This is because the RootDSE is usually bare so applications can perform discovery but some servers might want to protect it.  Know of any situation when the RootDSE could be hidden?

BTW we cannot apply ACI to the RootDSE until we make it so we have a root partition that can store subentry for the root AA with apex at the RootDSE. 


On Mon, May 5, 2008 at 6:17 PM, Emmanuel Lecharny (JIRA) <> wrote:
Access control don't apply to the rootDSE

                Key: DIRSERVER-1169
            Project: Directory ApacheDS
         Issue Type: Bug
   Affects Versions: 1.5.2
           Reporter: Emmanuel Lecharny
            Fix For: 1.5.3

The getRootDSE operation ( a search operation done on a empty DN, with a BASE_OBJECT scope and a (ObjectClass=*) filter) is not checked against the ACIs, as the Authorization interceptor is not invoked.

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.