Ahhh okie you're right on.  My bad.

On Mon, Jul 20, 2009 at 8:34 PM, Emmanuel Lecharny <elecharny@apache.org> wrote:
Alex Karasulu wrote:
You're supposed to allow annonymous binds to the RootDSE even when anon
binds are disabled.  This is because RootDSE access is required always to
discover how to auth in the first place.
Not true, per RFC 4512 :

5.1.  Server-Specific Data Requirements


 These attributes are retrievable, *subject to access control* and other
 restrictions, if a client performs a Search operation...

cordialement, regards,
Emmanuel Lécharny

Alex Karasulu
My Blog :: http://www.jroller.com/akarasulu/
Apache Directory Server :: http://directory.apache.org
Apache MINA :: http://mina.apache.org