directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Quanah Gibson-Mount (JIRA)" <>
Subject [jira] Commented: (DIRSERVER-1214) Searches done with an empty baseDN are not accepted, except for the rootDSE
Date Fri, 26 Feb 2010 17:11:27 GMT


Quanah Gibson-Mount commented on DIRSERVER-1214:

This is a very real issue, and ignoring it doesn't make it go away. :)

I can show you the behavior for OpenLDAP (For, which has a root of "dc=stanford,dc=edu"

tribes:~> ldapsearch -x -h ldap -b "" | more
# extended LDIF
# LDAPv3
# base <> with scope subtree
# filter: (objectclass=*)
# requesting: ALL

dn: dc=stanford,dc=edu
objectClass: dcObject
objectClass: organization
o: Stanford University
dc: stanford
l: Palo Alto


More importantly, is how are you going to handle people who have databases rooted at ""? 
That's what we do at Zimbra, as we support ISP's, and thus multiple domains that could exist
across org, com, edu, etc.  You should *always* be able to do a subtree search on "", and
it should simply return the databases as they exist (according to ACL rules, etc, of course).

It is the same as any other subtree search.


> Searches done with an empty baseDN are not accepted, except for the rootDSE
> ---------------------------------------------------------------------------
>                 Key: DIRSERVER-1214
>                 URL:
>             Project: Directory ApacheDS
>          Issue Type: Bug
>    Affects Versions: 1.5.3
>            Reporter: Emmanuel Lecharny
>             Fix For: 1.5.6
> We can't do a search with an empty baseDN, when it's not specifically a rootDSE search
(ie, (objectClass=*) and scope=OBJECT).
> We should consider that such a search is spreaded on all the partitions.
> This is not easy to implement without the nested partitions, as the current existing
partitions are potentially stoed in different backends.

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

View raw message