[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Advertising configcontext in Root-DSE

Ralf Haferkamp wrote:
On Thursday 16 February 2006 16:41, Pierangelo Masarati wrote:
Ralf Haferkamp wrote:

I just recognized that current slapd advertises the config-context
in root-dse, even if back-config is not used (e.g. no config
directory exists). To me it seems useful to hide the
"configContext" Attribute in such cases and deny searches below
cn=config with "no such object".
No. The cn=config tree is always present; just that any changes
made when no backing directory exists will not persist.
but if no "database config" directive is present, it's not
accessible. I think this is what Ralf meant.
Yes. It's just confusing that you see "configContext" in the Root-DSE but can't access it in any way.

I don't consider this a condition worth testing for. You could have a sasl-regexp that maps some other identity to the cn=config DN. (And I don't consider that worth explicitly testing for either...) Feel free to code it up if you feel strongly about it.

 -- Howard Chu
 Chief Architect, Symas Corp.  http://www.symas.com
 Director, Highland Sun        http://highlandsun.com/hyc
 OpenLDAP Core Team            http://www.openldap.org/project/