[Date Prev][Date Next]
Re: rootdse and ldap uri's
> This is the problem:
> I can contact the Domino LDAP server from my IE browser by
> just specifying the URI (ldap://server)
Be careful to see Domino/LDAP as a reference for desired behaviour
of LDAP servers. Domino/LDAP is just a LDAP interface to the Notes
addressbook with certain limitations. Not wrapping the entries
into a configurable naming context is one of the limitations.
The DIT in Domino/LDAP - respectively the LDAP DNs of the entries
are derived from the hierarchical full name in the Notes address
book following some hard-coded rules. Note that also different
LDAP entries in Domino can be just different views on e.g. the
same person document.
DIT and other unusual LDAP issues AFAIK are announced to be
changed in Domino Rnext/R6.
> but in order to contact the OpenLDAP
> server I have to specify the entire URI with arguements
> (ldap://server/base??scope?filter). If I don't specify the
> arguements then server returns zero entries.
This is the common behaviour of LDAP servers.
> There is a distinct difference between the RootDSE entries
> between the two LDAP and after going through the schema I can't
> see how the Domino LDAP RootDSE is being defined.
You're probably mixing RootDSE and search root here.
The RootDSE is a special entry where the server announces certain
configuration data. Also the possible search roots to be used are
defined in the multi-valued namingContexts attribute in the RootDSE.
> Domino LDAP:
> namingcontexts:: AA==
BTW: This single null-byte in namingContexts attribute is a famous
long lasting bug in Domino/LDAP hopefully going away in Rnext.
There are other issues with Domino/LDAP in R5 like LDAP
connections being dropped after one or two LDAP operations.
Technically I'd recommend to prefer OpenLDAP over Domino/LDAP if
you have a choice.