[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: rootdse and ldap uri's

KSmith@barton.ca wrote:
> This is the problem:
> I can contact the Domino LDAP server from my IE browser by > just specifying the URI (ldap://server)

Be careful to see Domino/LDAP as a reference for desired behaviour of LDAP servers. Domino/LDAP is just a LDAP interface to the Notes addressbook with certain limitations. Not wrapping the entries into a configurable naming context is one of the limitations.

The DIT in Domino/LDAP - respectively the LDAP DNs of the entries are derived from the hierarchical full name in the Notes address book following some hard-coded rules. Note that also different LDAP entries in Domino can be just different views on e.g. the same person document.

DIT and other unusual LDAP issues AFAIK are announced to be changed in Domino Rnext/R6.

> but in order to contact the OpenLDAP
> server I have to specify the entire URI with arguements
> (ldap://server/base??scope?filter).  If I don't specify the
> arguements then server returns zero entries.

This is the common behaviour of LDAP servers.

> There is a distinct difference between the RootDSE entries
> between the two LDAP and after going through the schema I can't
> see how the Domino LDAP RootDSE is being defined.

You're probably mixing RootDSE and search root here.

The RootDSE is a special entry where the server announces certain configuration data. Also the possible search roots to be used are defined in the multi-valued namingContexts attribute in the RootDSE.

> Domino LDAP:
> [..]
> namingcontexts:: AA==

BTW: This single null-byte in namingContexts attribute is a famous long lasting bug in Domino/LDAP hopefully going away in Rnext.

There are other issues with Domino/LDAP in R5 like LDAP connections being dropped after one or two LDAP operations. Technically I'd recommend to prefer OpenLDAP over Domino/LDAP if you have a choice.

Ciao, Michael.