
Re: Discovering search base



This is an LDAPv3 service. So it's not supported yet in OpenLDAP.

The entry with an empty dn (-b "" ) is named the root DSE.
Normally, almost all the attributes of the root DSE are operational
attributes. Therefore, you should name them in the attribute list to retrieve
them.

Netscape and Sun servers are more permissive and always return the whole entry.
Microsoft only returns attributes that are in the attributes list.

There's some discussion today on the LDAPext working group to decide whether
servers should return all attributes or only the requested ones.

The namingContext attribute is really there to serve as base for all operations.
The altServer may contain URLs (ldap://...) of alternate LDAP servers in case
this one becomes unavailable.


Ludovic Poitou
Sun Microsystems.
Solaris Directory Services Group.

> I figured out that that means do the search:
> 
> ldapsearch -h <hostname> -s base -b "" "objectclass=*"
> 
> Assuming your LDAP is on the 389 port you'll get something like this:
> 
> dn:
> objectclass: top
> objectclass: passwordPolicy
> passwordchange: may
> passwordchecksyntax: 0
> passwordminlength: 6
> passwordexp: 0
> passwordmaxage: 8640000
> passwordwarning: 86400
> passwordkeephistory: 0
> passwordinhistory: 6
> passwordlockout: 0
> passwordmaxfailure: 3
> passwordunlock: 1
> passwordlockoutduration: 3600
> passwordresetduration: 600
> namingcontexts: o=Airius.com
> namingcontexts: o=Company,c=US
> subschemasubentry: cn=schema
> supportedcontrol: 2.16.840.1.113730.3.4.2
> supportedcontrol: 2.16.840.1.113730.3.4.3
> supportedcontrol: 2.16.840.1.113730.3.4.4
> supportedcontrol: 2.16.840.1.113730.3.4.5
> supportedcontrol: 1.2.840.113556.1.4.473
> supportedcontrol: 2.16.840.1.113730.3.4.6
> supportedsaslmechanisms: EXTERNAL
> supportedldapversion: 2
> supportedldapversion: 3
> changelog: cn=changlog
> firstchangenumber: 1
> lastchangenumber: 1
> dataversion: directory.Airius.com:389 019981201233446
> 
> Yes, this is cool!!!  BTW, I did this against the Netscape
> Directory Server 3.1, not openLDAP.  Does openldap do this?
> 
> SaS
> 
> jgr@hplb.hpl.hp.com on 12/01/98 10:53:00 AM
> To:	openldap-general@openldap.org@Internet
> cc:	 (bcc: Stuart Schmukler/REG/KPNC)
> Subject:	Discovering search base
> 
> Hi folks,
> 
> I'm fairly new to LDAP so please forgive my ignorance. My question is as
> follows:-
> 
> After reading the LDAPv3 spec. (rfc 2252 in particular) my understanding was
> that the value of the "namingContext" attribute could be used as a search
> base? First of all - is this understanding correct - and how on earth do I
> query a server for that information? My understanding is that it would be
> pretty similar to "altServers" so if anyone knows how that works I would
> like to hear.
> 
> Thanks,
> 
> Jacob
> --
> Jacob Refstrup
> Hewlett Packard Labs, Bristol
> 
>
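
The root DSE lookup discussed in this thread, as an added example that is not part of the original messages: it builds an ldapsearch call that names the operational attributes explicitly, parses the returned LDIF, and fails loudly when a stricter server returns no naming contexts. The function names, the host names and the sample LDIF are constructed for illustration.

```python
import base64

# Operational attributes of the root DSE, named explicitly because some
# servers return them only when they appear in the attribute list.
ROOT_DSE_ATTRS = ["namingContexts", "altServer", "subschemaSubentry",
                  "supportedControl", "supportedSASLMechanisms",
                  "supportedLDAPVersion"]

def root_dse_command(host):
    """argv for a base-scope search of the empty DN (hypothetical helper)."""
    return ["ldapsearch", "-x", "-H", f"ldap://{host}", "-s", "base",
            "-b", "", "(objectclass=*)"] + ROOT_DSE_ATTRS

def parse_ldif_entry(text):
    """Parse one LDIF entry into {lowercased attribute name: [values]}."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:      # folded continuation line
            lines[-1] += raw[1:]
        elif raw and not raw.startswith("#"):  # skip blanks and comments
            lines.append(raw)
    entry = {}
    for line in lines:
        name, _, value = line.partition(":")
        if value.startswith(":"):              # "attr:: <base64 value>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        entry.setdefault(name.strip().lower(), []).append(value.strip())
    return entry

def search_bases(entry):
    """Return the namingContexts values, or raise if the server omitted them."""
    bases = entry.get("namingcontexts", [])
    if not bases:
        raise LookupError("no namingContexts; request the attribute by name")
    return bases

# Constructed sample, modelled on the output quoted in this thread, with one
# base64-encoded value and one folded line added to exercise the parser.
SAMPLE_FULL = """dn:
objectclass: top
namingcontexts: o=Airius.com
namingcontexts:: bz1Db21wYW55LGM9VVM=
altserver: ldap://backup.example.com:
 389
supportedldapversion: 3
"""
# Constructed reply from a server that returned no operational attributes.
SAMPLE_BARE = "dn:\nobjectclass: top\n"
```
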