No need to quote the RFC with me, I know that it can be subject to access control - read my question. You know of situations when it is actually set to anything but read-only by everyone?
Alex Karasulu wrote: RFC 4512:
This is because the RootDSE is usually bare so applications can perform discovery but some servers might want to protect it. Know of any situation when the RootDSE could be hidden?
5.1. Server-Specific Data Requirements
An LDAP server SHALL provide information about itself and other
information that is specific to each server. This is represented as
a group of attributes located in the root DSE, which is named with
the DN with zero RDNs (whose [RFC4514] representation is as the
These attributes are retrievable, _subject to access control_ and other
restrictions, if a client performs a Search operation [RFC4511] with
an empty baseObject, scope of baseObject, the filter "(objectClass=*)" [RFC4515], and the attributes field listing the
names of the desired attributes.
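The Search operation that the quoted RFC 4512 section 5.1 text describes, written out as an added example that is not part of the thread or of any project's code: it builds the RFC 4511 BER bytes for a RootDSE search and summarizes a reply so an administrator can check what an unauthenticated client gets back. The function names, the default attribute list and the sample reply are assumptions constructed for illustration.

```python
def tlv(tag, value):
    """BER tag-length-value, definite length (short or long form)."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + value

def root_dse_search(message_id=1, attributes=("namingContexts", "supportedLDAPVersion")):
    """LDAPMessage carrying the SearchRequest described in RFC 4512 section 5.1."""
    request = b"".join([
        tlv(0x04, b""),              # baseObject: empty DN (zero RDNs)
        tlv(0x0A, b"\x00"),          # scope: baseObject(0)
        tlv(0x0A, b"\x00"),          # derefAliases: neverDerefAliases(0)
        tlv(0x02, b"\x00"),          # sizeLimit: 0 (no client limit)
        tlv(0x02, b"\x00"),          # timeLimit: 0 (no client limit)
        tlv(0x01, b"\x00"),          # typesOnly: FALSE
        tlv(0x87, b"objectClass"),   # filter: present, i.e. (objectClass=*)
        tlv(0x30, b"".join(tlv(0x04, a.encode()) for a in attributes)),
    ])
    msg_id = message_id.to_bytes(message_id.bit_length() // 8 + 1, "big")
    return tlv(0x30, tlv(0x02, msg_id) + tlv(0x63, request))  # 0x63 = [APPLICATION 3]

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the TLV starting at pos."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    n = first
    if first & 0x80:                 # long-form length
        k = first & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, buf[pos:pos + n], pos + n

def summarize_response(data):
    """Return (entries_returned, result_code) for a stream of LDAPMessages."""
    pos, entries, code = 0, 0, None
    while pos < len(data):
        _, msg, pos = read_tlv(data, pos)        # LDAPMessage SEQUENCE
        _, _, p = read_tlv(msg, 0)               # messageID
        op_tag, op, _ = read_tlv(msg, p)         # protocolOp
        if op_tag == 0x64:                       # SearchResultEntry
            entries += 1
        elif op_tag == 0x65:                     # SearchResultDone
            code = int.from_bytes(read_tlv(op, 0)[1], "big")  # resultCode
    return entries, code

# Constructed sample reply: one (empty) SearchResultEntry, then SearchResultDone(success).
SAMPLE_OPEN = (tlv(0x30, tlv(0x02, b"\x01") + tlv(0x64, tlv(0x04, b"") + tlv(0x30, b"")))
               + tlv(0x30, tlv(0x02, b"\x01") + tlv(0x65, tlv(0x0A, b"\x00") + tlv(0x04, b"") * 2)))
```

A summary of `(1, 0)` means the RootDSE entry was returned; zero entries, with or without an error code such as 50 (insufficientAccessRights), means access control withheld it from that client.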