>> Clients may determine the protocol versions a server supports by
>> reading the supportedLDAPVersion attribute from the root DSE
>> [Models]. Servers which implement version 3 or later MUST provide
>> this attribute.
>Drop the MUST. As the returned contents of the root DSE may be
>subject to ACLs, clients need to deal with the case where an LDAPv3
>server does not provide a root DSE or does not provide this attribute.
>Most clients simply do blind (e.g., no root DSE checks) LDAPv3 binds
This imperative has been here all along. I worry that there are clients that already rely on this MUST in order to discover the protocol version, rather than using the Bind/failover method.