Return-Path: Delivered-To: apmail-directory-dev-archive@www.apache.org Received: (qmail 66333 invoked from network); 26 Feb 2010 17:11:59 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3) by minotaur.apache.org with SMTP; 26 Feb 2010 17:11:59 -0000 Received: (qmail 61653 invoked by uid 500); 26 Feb 2010 17:11:59 -0000 Delivered-To: apmail-directory-dev-archive@directory.apache.org Received: (qmail 61598 invoked by uid 500); 26 Feb 2010 17:11:59 -0000 Mailing-List: contact dev-help@directory.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Apache Directory Developers List" Delivered-To: mailing list dev@directory.apache.org Received: (qmail 61591 invoked by uid 99); 26 Feb 2010 17:11:59 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 26 Feb 2010 17:11:59 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=10.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.140] (HELO brutus.apache.org) (140.211.11.140) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 26 Feb 2010 17:11:49 +0000 Received: from brutus.apache.org (localhost [127.0.0.1]) by brutus.apache.org (Postfix) with ESMTP id EB5AC234C4AD for ; Fri, 26 Feb 2010 09:11:27 -0800 (PST) Message-ID: <201023144.558861267204287962.JavaMail.jira@brutus.apache.org> Date: Fri, 26 Feb 2010 17:11:27 +0000 (UTC) From: "Quanah Gibson-Mount (JIRA)" To: dev@directory.apache.org Subject: [jira] Commented: (DIRSERVER-1214) Searches done with an empty baseDN are not accepted, except for the rootDSE In-Reply-To: <637798609.1217522431857.JavaMail.jira@brutus> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 X-Virus-Checked: Checked by ClamAV on apache.org [ https://issues.apache.org/jira/browse/DIRSERVER-1214?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12838939#action_12838939 ] Quanah Gibson-Mount commented on DIRSERVER-1214: ------------------------------------------------ This is a very real issue, and ignoring it doesn't make it go away. :) I can show you the behavior for OpenLDAP (For ldap.stanford.edu, which has a root of "dc=stanford,dc=edu" tribes:~> ldapsearch -x -h ldap -b "" | more # extended LDIF # # LDAPv3 # base <> with scope subtree # filter: (objectclass=*) # requesting: ALL # # stanford.edu dn: dc=stanford,dc=edu objectClass: dcObject objectClass: organization o: Stanford University dc: stanford l: Palo Alto (etc) More importantly, is how are you going to handle people who have databases rooted at ""? That's what we do at Zimbra, as we support ISP's, and thus multiple domains that could exist across org, com, edu, etc. You should *always* be able to do a subtree search on "", and it should simply return the databases as they exist (according to ACL rules, etc, of course). It is the same as any other subtree search. --Quanah > Searches done with an empty baseDN are not accepted, except for the rootDSE > --------------------------------------------------------------------------- > > Key: DIRSERVER-1214 > URL: https://issues.apache.org/jira/browse/DIRSERVER-1214 > Project: Directory ApacheDS > Issue Type: Bug > Affects Versions: 1.5.3 > Reporter: Emmanuel Lecharny > Fix For: 1.5.6 > > > We can't do a search with an empty baseDN, when it's not specifically a rootDSE search (ie, (objectClass=*) and scope=OBJECT). > We should consider that such a search is spreaded on all the partitions. > This is not easy to implement without the nested partitions, as the current existing partitions are potentially stoed in different backends. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.