Re: Clarification of RootDSE information retrieval required



"Briscoe AR (Tel (MAN05 2405))" wrote:
> 
> Apologies to anyone who may have seen this twice. I first posted
> to the ietf-asid list but have reposted to ietf-ldapext as I am not
> convinced about the coverage of the asid list anymore. Does
> anyone listen to the asid list these days?
> 
> Following recent attendance at the DirConnect event held by the IDC
> I require some clarification on how access to the RootDSE is
> expected to take place.
> 
> I am aware that a number of parties expect to be able to search
> for the details in the RootDSE by performing a BASE object search
> on the root DN ("") specifying a filter of "objectClass=*" and defaulting
> to 'information selection' of all attributes using a zero length
> AttributeDescriptionList.
> 
> My understanding is that this is not correct; I will now draw on what I
> think are the relevant sections of the relevant RFCs
> ...

I agree with your assessment -- most of the attributes commonly found in
the root DSE are operational attributes and according to the RFCs they
should not be returned unless listed by name.

However, I would like to lobby for a change to the RFCs to relax this
for the root DSE.  I think it is useful and not harmful to return all
root DSE attributes even when they are not named explicitly.  This makes
it easier for client implementors to discover what server meta
information is available, is easier to debug, and so on.  In the
interest of full and fair disclosure, I will admit that Netscape's LDAP
server implementation already behaves this way.

-- 
Mark Smith
Directory Architect / Netscape Communications Corp.
My words are my own, not my employer's.  Got LDAP?
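
The two behaviours discussed in this thread, as an added example that is not part of the original messages and is not any server's code: a toy model of search attribute selection in which operational attributes come back only when named, next to the relaxed root DSE behaviour proposed in the reply. The attribute names are those RFC 2251 (section 3.4) lists for the root DSE; the entry values, the function names and the `relaxed` switch are assumptions made for illustration.

```python
# Added illustration: a toy model of LDAP search attribute selection.
# Not code from any server; the entry values below are constructed.

# Root DSE attributes treated as operational in this model
# (names as listed in RFC 2251, section 3.4), stored lowercased.
OPERATIONAL = {
    "namingcontexts", "subschemasubentry", "altserver", "supportedextension",
    "supportedcontrol", "supportedsaslmechanisms", "supportedldapversion",
}

# Constructed root DSE entry (DN "").
ROOT_DSE = {
    "objectClass": ["top"],
    "namingContexts": ["dc=example,dc=com"],
    "supportedLDAPVersion": ["2", "3"],
    "supportedSASLMechanisms": ["EXTERNAL"],
    "subschemaSubentry": ["cn=schema"],
}


def select_attributes(entry, requested, relaxed=False):
    """Return the attributes a BASE search on this entry would hand back.

    requested: the AttributeDescriptionList from the search request.
    relaxed:   hypothetical switch modelling the proposed behaviour, where an
               empty list also yields the operational attributes.
    """
    wanted = {name.lower() for name in requested}  # names are case-insensitive
    all_user = not wanted or "*" in wanted  # empty list or "*": all user attributes
    result = {}
    for name, values in entry.items():
        key = name.lower()
        if key in OPERATIONAL:
            # Strict reading: operational attributes only when named explicitly.
            if key in wanted or (relaxed and not requested):
                result[name] = values
        elif all_user or key in wanted:
            result[name] = values
    return result


def hidden_from_default_search(entry):
    """Attributes a client misses when it sends a zero-length attribute list."""
    returned = select_attributes(entry, [])
    return sorted(set(entry) - set(returned))
```
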