Re: Advertising configcontext in Root-DSE

[Howard Chu <hyc@symas.com>]

Ralf Haferkamp wrote:
> On Thursday 16 February 2006 16:41, Pierangelo Masarati wrote:
>   
> > > Ralf Haferkamp wrote:
> > >       
> > > > Hi,
> > > >
> > > > I just recognized that current slapd advertises the config-context
> > > > in root-dse, even if back-config is not used (e.g. no config
> > > > directory exists). To me it seems useful to hide the
> > > > "configContext" Attribute in such cases and deny searches below
> > > > cn=config with "no such object".
> > > >         
> > > No. The cn=config tree is always present; just that any changes
> > > made when no backing directory exists will not persist.
> > >       
> > but if no "database config" directive is present, it's not
> > accessible.  I think this is what Ralf meant.
> >     
> Yes. It's just confusing that you see "configContext" in the Root-DSE 
> but can't access it in any way.

I don't consider this a condition worth testing for. You could have a 
sasl-regexp that maps some other identity to the cn=config DN. (And I 
don't consider that worth explicitly testing for either...) Feel free to 
code it up if you feel strongly about it.

--
 -- Howard Chu
 Chief Architect, Symas Corp.  http://www.symas.com
 Director, Highland Sun        http://highlandsun.com/hyc
 OpenLDAP Core Team            http://www.openldap.org/project/