
Re: How do I create a server for root?



Konstantinos Agouros wrote:
> 
> On Fri, Mar 17, 2000 at 12:33:43AM +1100, David J N Begley wrote:
> > On Tue, 14 Mar 2000, Rich Graves wrote:
> >
> > > On Tue, 14 Mar 2000, Niels Poppe wrote:
> > >
> > > > In servers/slapd/backend.c you can #define LDAP_ALLOW_NULL_SEARCH_BASE
> > > > and a subtree query with a base dn="" will search the first defined
> > > > backend in your configuration.
> > >
> > > Intriguing. If I only have one backend (which I'd expect is the most usual
> > > case), is this a potential "fix" for clients with no search base defined?
> >
> > I'm curious as to how "compatible" this workaround would be with future LDAPv3
> > support (given the introduction of the root DSE);  from reading IETF RFC 2251,
> > section 3.4 would tend to indicate that it should work (that is, the root DSE
> > is available in base searches, but not subtree searches - one-level searches
> > aren't mentioned).
> One thing I am still asking myself is:
> If I have different suffixes for each country,
> can I search with -b ""?
> 
> Konstantin

Just tried. I wouldn't recommend it, but it works.
Using the LDAP_ALLOW_NULL_SEARCH_BASE hack, and adding a
dummy suffix to the first entry, say suffix o=root, one
can add a referral:

dn: ref="ldap://myldaphost.domain/c=xx", o=root
objectclass: referral
ref: ldap://myldaphost.domain/c=xx

This will allow for another backend with suffix c=xx to be searched
with an empty base. A c=xx search will be done in a separate connection,
and, at least with ldapsearch, will bind anonymously even when
authenticated on the first connection.

-- 
Niels Poppe - org.net bv <niels@netbox.org>
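
The anonymous rebind described in the reply above, as an added example that is not part of the original post: a toy Python model showing that bind state belongs to one connection, so entries on the c=xx backend that require authentication do not come back through the empty-base search. The `Connection` class, the `rebind_dn` parameter, the entries and their ACLs are all constructed for illustration.

```python
from urllib.parse import urlparse, unquote

# Constructed data: the first backend (o=root) holds only the referral from
# the post; c=xx holds one public and one authenticated-only entry.
BACKENDS = {
    "o=root": [{"dn": 'ref="ldap://myldaphost.domain/c=xx", o=root',
                "ref": "ldap://myldaphost.domain/c=xx"}],
    "c=xx": [{"dn": "cn=public, c=xx", "acl": "anonymous"},
             {"dn": "cn=staff, c=xx", "acl": "users"}],
}
FIRST_BACKEND = "o=root"  # what an empty base maps to under the hack


class Connection:
    """One LDAP connection; the bind identity lives here and nowhere else."""

    def __init__(self, host):
        self.host = host
        self.bound_dn = None  # anonymous until bind() is called

    def bind(self, dn):
        self.bound_dn = dn

    def search(self, base):
        """Return (visible DNs, referral URLs) for a subtree search."""
        dns, refs = [], []
        for entry in BACKENDS.get(base or FIRST_BACKEND, []):
            if "ref" in entry:
                refs.append(entry["ref"])
            elif entry["acl"] == "anonymous" or self.bound_dn:
                dns.append(entry["dn"])
        return dns, refs


def search_chasing(conn, base, rebind_dn=None):
    """Search, then chase each referral on a NEW connection.

    rebind_dn=None models the ldapsearch behaviour reported in the post;
    passing a DN models a client that re-authenticates on the referral.
    """
    dns, refs = conn.search(base)
    for url in refs:
        parsed = urlparse(url)
        ref_conn = Connection(parsed.hostname)  # fresh, unauthenticated
        if rebind_dn:
            ref_conn.bind(rebind_dn)
        more, _ = ref_conn.search(unquote(parsed.path.lstrip("/")))
        dns.extend(more)
    return dns
```

An authenticated `search_chasing(conn, "")` returns only `cn=public, c=xx`, while the same user searching `c=xx` directly also sees `cn=staff, c=xx`.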