Re: rootdse and ldap uri's

[Michael Ströder <michael@stroeder.com>]

KSmith@barton.ca wrote:
>
> This is the problem:
>      I can contact the Domino LDAP server from my IE browser by 
> just specifying the URI (ldap://server)

Be careful to see Domino/LDAP as a reference for desired behaviour 
of LDAP servers. Domino/LDAP is just a LDAP interface to the Notes 
addressbook with certain limitations. Not wrapping the entries 
into a configurable naming context is one of the limitations.

The DIT in Domino/LDAP - respectively the LDAP DNs of the entries 
are derived from the hierarchical full name in the Notes address 
book following some hard-coded rules. Note that also different 
LDAP entries in Domino can be just different views on e.g. the 
same person document.

DIT and other unusual LDAP issues AFAIK are announced to be 
changed in Domino Rnext/R6.

> but in order to contact the OpenLDAP
> server I have to specify the entire URI with arguements
> (ldap://server/base??scope?filter).  If I don't specify the
> arguements then server returns zero entries.

This is the common behaviour of LDAP servers.

> There is a distinct difference between the RootDSE entries
> between the two LDAP and after going through the schema I can't
> see how the Domino LDAP RootDSE is being defined.

You're probably mixing RootDSE and search root here.

The RootDSE is a special entry where the server announces certain 
configuration data. Also the possible search roots to be used are 
defined in the multi-valued namingContexts attribute in the RootDSE.

> Domino LDAP:
> [..]
> namingcontexts:: AA==

BTW: This single null-byte in namingContexts attribute is a famous 
long lasting bug in Domino/LDAP hopefully going away in Rnext.

There are other issues with Domino/LDAP in R5 like LDAP 
connections being dropped after one or two LDAP operations. 
Technically I'd recommend to prefer OpenLDAP over Domino/LDAP if 
you have a choice.

Ciao, Michael.