No need to quote the RFC with me, I know that it can be subject to access control - read my question.  You know of situations when it is actually set to anything but read-only by everyone?


On Tue, May 6, 2008 at 1:04 AM, Emmanuel Lecharny wrote:
Alex Karasulu wrote:
This is because the RootDSE is usually bare so applications can perform discovery but some servers might want to protect it.  Know of any situation when the RootDSE could be hidden?
RFC 4512 :

5.1.  Server-Specific Data Requirements

 An LDAP server SHALL provide information about itself and other
 information that is specific to each server.  This is represented as
 a group of attributes located in the root DSE, which is named with
 the DN with zero RDNs (whose [RFC4514] representation is as the
 zero-length string).

 These attributes are retrievable, _subject to access control_ and other
 restrictions, if a client performs a Search operation [RFC4511] with
 an empty baseObject, scope of baseObject, the filter
 "(objectClass=*)" [RFC4515], and the attributes field listing the
 names of the desired attributes.

cordialement, regards,
Emmanuel Lécharny
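
The search that the quoted RFC 4512 section 5.1 text describes, encoded on the wire per RFC 4511, as an added example that is not part of the original thread. The function names are hypothetical, and the `*` and `+` attribute selectors are an assumption about what a discovery client would request; the classifier shows how a server-side filter or log pipeline can recognise a root DSE read before applying access control.

```python
# Added example: BER encoding of the RFC 4512 section 5.1 root DSE search.
# Function names are hypothetical; only the Python standard library is used.

def tlv(tag, value):
    """Encode one BER tag-length-value triple (definite length)."""
    n = len(value)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + value

def ber_int(tag, n):
    """Encode a non-negative INTEGER (0x02) or ENUMERATED (0x0A)."""
    return tlv(tag, n.to_bytes(n.bit_length() // 8 + 1, "big"))

def search_request(base="", scope=0, attributes=("*", "+"), message_id=1):
    """LDAPMessage carrying a SearchRequest [APPLICATION 3] (RFC 4511)."""
    req = (
        tlv(0x04, base.encode())                # baseObject: "" is the root DSE
        + ber_int(0x0A, scope)                  # scope: 0 = baseObject
        + ber_int(0x0A, 0)                      # derefAliases: never
        + ber_int(0x02, 0) + ber_int(0x02, 0)   # sizeLimit, timeLimit: none
        + tlv(0x01, b"\x00")                    # typesOnly: FALSE
        + tlv(0x87, b"objectClass")             # present filter: (objectClass=*)
        + tlv(0x30, b"".join(tlv(0x04, a.encode()) for a in attributes))
    )
    return tlv(0x30, ber_int(0x02, message_id) + tlv(0x63, req))

def read_tlv(buf, pos=0):
    """Decode one TLV from well-formed input; return (tag, value, next_pos)."""
    tag, n = buf[pos], buf[pos + 1]
    pos += 2
    if n & 0x80:                                # long-form length
        k = n & 0x7F
        n = int.from_bytes(buf[pos:pos + k], "big")
        pos += k
    return tag, buf[pos:pos + n], pos + n

def is_root_dse_search(packet):
    """True when the message is a Search with empty base and base scope."""
    tag, body, _ = read_tlv(packet)
    _, _, pos = read_tlv(body)                  # skip messageID
    op, req, _ = read_tlv(body, pos)
    if tag != 0x30 or op != 0x63:
        return False
    _, base, pos = read_tlv(req)
    _, scope, _ = read_tlv(req, pos)
    return base == b"" and scope == b"\x00"
```
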