
Re: [LDAP-SOFTWARE] ACL and regex (matching self)


On Tuesday 04 March 2003 11:41, Ace Suares wrote:
> Hello,
> Is there anyone on the list that can help me with these questions ?
> Howard, it seems you are updating the admin guide, and even have the
> feeling that no one reads it. I check the admin guide several times a week
> ;-) but can't find any additions as to the questions I raise.
> Is there anybody on the list that experiences the same problems (that is,
> ACLs don't work as expected because there are hidden objects that need some
> level of access?)

AFAIK there is only one object that seems to be hidden:
The tree root, with the name "" (the empty string between the quotes)
This object is not hidden, but has simply an empty name which
makes it hard to find.
This object contains information about the directory:
where to find the schema, which naming contexts are there, 
what LDAP controls/extensions the server supports, ...

All this information is given in attributes of the rootDSE.
The values of these attributes may be DNs for branches in the
directory tree. 
The most famous examples are the subschemaSubentry attribute which 
contains the DN of the schema and the namingContexts attribute
that contains the names of the top level nodes of your directory branches.

ldapsearch -b "" -s base '(objectclass=*)' +
gives you the information required.

All this and a lot more is well documented in RFC 2251 that describes 

Peter Marschall     |   eMail: peter.marschall@mayn.de
PGP: 0BB1 04A3 0FB0 E27F 8018 52BA A286 7B23 9C22 2C83
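
Added example, not part of the original message: a Python parser for the LDIF that the ldapsearch command above returns for the rootDSE, listing the DNs its attributes point to so they can be compared against the ACLs in force. The sample output, its values and the function names are constructed for illustration.

```python
import base64

# Constructed sample of rootDSE output in LDIF form (values are made up).
# One value is folded across two lines and one is base64-encoded ("::"),
# both of which LDIF allows.
SAMPLE_LDIF = """\
dn:
structuralObjectClass: OpenLDAProotDSE
namingContexts: dc=example,dc=com
namingContexts: ou=a-rather-long-branch-name,ou=departments,dc=example,
 dc=org
supportedControl: 1.2.840.113556.1.4.319
supportedLDAPVersion: 3
subschemaSubentry:: Y249U3Vic2NoZW1h
"""


def parse_ldif_entry(text):
    """Parse a single LDIF entry into {lowercased attribute: [values]}."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # folded line: append to previous
        elif raw and not raw.startswith("#"):
            lines.append(raw)
    entry = {}
    for line in lines:
        attr, _, rest = line.partition(":")
        if rest.startswith(":"):          # "attr:: <base64 value>"
            value = base64.b64decode(rest[1:].strip()).decode("utf-8")
        else:
            value = rest.strip()
        entry.setdefault(attr.lower(), []).append(value)
    return entry


def dns_referenced_by_rootdse(text):
    """Return the rootDSE's own DN and the DNs its attributes refer to."""
    entry = parse_ldif_entry(text)
    return {
        "rootDSE": entry.get("dn", [""])[0],   # the empty-string DN
        "subschemaSubentry": entry.get("subschemasubentry", []),
        "namingContexts": entry.get("namingcontexts", []),
    }


if __name__ == "__main__":
    for kind, dns in dns_referenced_by_rootdse(SAMPLE_LDIF).items():
        print(kind, "->", repr(dns))
```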