[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#6439) rootDSE access method question



j@gropefruit.com wrote:
> Full_Name: J
> Version: 2.4.20
> OS: Debian-Lenny/amd64
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (68.15.14.98)
> 
> 
> Certain clients (for example, a Solaris 10 host) need to query the rootDSE of
> our OpenLDAP server. Unfortunately, due to the way their client software is
> written, the Solaris 10 client will only be able to attempt to view the rootDSE
> using a scope of ONELEVEL or SUBTREE - it does not support BASELEVEL searches of
> the rootDSE.
> 
> Solaris 10's 'ldapsearch' allows manual querying of our rootDSE for
> testing-purposes, so I know otherwise things should work (ACL-wise, etc).  It
> just seems to be a problem in the system-config, as the man page clearly states
> that only the two aforementioned scopes are allowed.
> 
> Options?  Is there a way I can alias a DN-less object? If so, is this even
> advisable? 
> 
> Or, perhaps is there a way to store an alternate copy of the rootDSE somewhere
> that is more "conventionally" accessible?
> 
> At this point, I'll consider any alternative.  I reviewed the manpage for
> slapd.conf, however the rootDSE parameter in slapd.conf seems to be only used
> for "additions" or supplemental changes to an existing rootDSE.

Since you quoted the ldapclient docs, I have to ask what exactly you're trying
to accomplish. Solaris ldapclient is only used to configure NSS, and there are
no NSS tables that serve anything that could be extracted from an LDAP
server's rootDSE. What are you really trying to do?

-- 
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/