[Date Prev][Date Next] [Chronological] [Thread] [Top]

Root DSE (ITS#947)

Full_Name: Roland Bless
Version: 2.0.7
OS: Linux 2.2.17
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (

I found that the OpenLDAP server returned nearly no
attributes when I requested the RootDSE with
ldapsearch -h ldap -b "" -s base '(objectclass=*)'
Just the two objectclasses "top" and "OpenLDAProotDSE"
are returned. In the source code I saw that this is due
to suppression of returning operational attributes unless
explicitly requested.
While this is requested by RFC 2251 sec. 3.2.1. for ordinary
entries, I'm not sure whether this should also be true for 
the root DSE. Even if RFC 2251 does not explicitly mention
this, I suppose that filtering operational attributes from
the root DSE is not intended (see Note on top of page 261
of "Understanding and Deploying LDAP Directory Services"
by Howes, Smith and Good). Win LDAP servers also seem to 
return every attribute of the root DSE. Maybe this topic
needs clarification.