Re: rootDSE

["Kurt D. Zeilenga" <Kurt@OpenLDAP.org>]

At 10:30 PM 9/7/00 -0400, Igor Brezac wrote:
>On Thu, 7 Sep 2000, Kurt D. Zeilenga wrote:
>> At 07:21 PM 9/7/00 -0400, Igor Brezac wrote:
>> >Do you know how to create and modify information under rootDSE? 

Looks like I misread the question.  This answer applies to:
  Do you know how to create and modify information IN the root DSE?

>> 
>> Depending on the server:
>>         1) not allowed
>>         2) by configuration or other proprietary means
>>         3) LDAP modify operation
>> 
>> OpenLDAP 2.0 implements the first choice.

Under the root DSE is a different question... but likely not
the question you intended.

The question, I think you are trying to ask are:
  How do I create an object with an empty DN?

You cannot. An object DSE cannot have an empty DN, this is
reserved for the Root DSE.

>I added 'suffix ""' to slapd.conf 

A suffix "" means the directory holds the root namingContext.
This means allow an empty DN to be used as a search base and
allow addition of objects under the empty DN.  It should
disallow of an add of an object DSE with an empty DN.
Obviously, this requires special attention to this special
cases in add, rename, and search.  I do not believe any
OpenLDAP backend (other than dnssrv) fully or correctly
supports this.  The LDBM backend was never designed to be
used to hold the root NamingContext.

In short, don't do that.  In long, feel free to develop
the necessary code to handle this special case.

> and added 'dn:' to the database

That's a bug.  You should not be able to add an object
DSE with an empty DN.

>but the searches with -b''
>generated an invalid DN message.

Try -b '' not -b''.  You'll likely get a bit different response.

>I am trying to setup Solaris 8 nss_ldap and openldap.

If you have any nss_ldap specific issues, please direct them
at <nssldap@padl.com>.