
Problems with RootDSE and Access Controls
I have been using openldap 2.2 w/o issue using only the rootdn and
allowing anonymous read.

I am now trying to implement access control to allow selective reading
and writing to OUs in the directory.

The issue I'm having is, apparently I'm not giving enough access to get
the 'rootDSE'.  I cannot find anything by googling or using the faq-o-matic
describing exactly which entry this is or what is required for LDAP
clients.  Best I can tell, LDAP v3 is supposed to 'advertise' this
rootDSE and LDAP v2 does not.  That's all I can find background-wise on
this.

What I see in practice is, the Softerra LDAP browser I'm using as a
control test complains 'No RootDSE found - probably it is an LDAPv2
server. Using default schema...'.  But it continues on OK.  When this
happens, my other LDAP client implementation freaks.

If I open anonymous access to everything, it works fine.  If I have my
access controls on, I can read/deny the OUs the way I want just fine in
Softerra's client, but I always get this rootDSE error, which causes my
second LDAP client to freak, while the Softerra client rolls back to v2
OK.

So my question is, what do I have to do to make the rootDSE available?

The base of the directory is dc=tandberg,dc=int

I've tried

access to dn.base="dc=tandberg,dc=int" by * read

without luck, and the other dn.<> methods I've used give too many
permissions to some of the OUs below that I don't want to allow read on.

Any explanation of how to make the rootDSE available is needed.  Thanks!

-Steve
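The following slapd.conf ACL fragment is an added example written for this page; it is not part of Steve's post or of any reply on the list. It shows the point the post is missing: in OpenLDAP the rootDSE is the entry with the empty DN (""), not the suffix entry, so an ACL on dn.base="dc=tandberg,dc=int" does not grant access to it. The suffix dc=tandberg,dc=int is taken from the post; the OU names ou=people and ou=hosts and the group cn=admins,dc=tandberg,dc=int are hypothetical placeholders standing in for whatever the real directory contains.

```conf
# Added example, not from the original post.
# Assumptions: suffix dc=tandberg,dc=int (from the post); ou=people, ou=hosts
# and cn=admins,dc=tandberg,dc=int are hypothetical names used for illustration.

# slapd evaluates "access to" directives in order and stops at the first one
# whose target matches the entry, so the two special entries below must come
# before any broader dn.subtree or "access to *" rule.

# The rootDSE is the entry with the empty DN. LDAPv3 clients read it
# anonymously, before binding, to learn supportedLDAPVersion, namingContexts,
# supportedControl and so on. Without read access here a browser concludes the
# server is LDAPv2 and a stricter client may refuse to continue.
access to dn.base=""
        by * read

# The subschema subentry; schema-aware browsers fetch it right after the
# rootDSE (the "Using default schema..." fallback is what you see without it).
access to dn.base="cn=Subschema"
        by * read

# The suffix entry itself, i.e. the directive from the post. This only covers
# that one entry, which is why it did not help with the rootDSE.
access to dn.base="dc=tandberg,dc=int"
        by * read

# Hypothetical selective rules for the OUs beneath the suffix.
access to dn.subtree="ou=people,dc=tandberg,dc=int"
        by group.exact="cn=admins,dc=tandberg,dc=int" write
        by users read
        by * none

access to dn.subtree="ou=hosts,dc=tandberg,dc=int"
        by group.exact="cn=admins,dc=tandberg,dc=int" write
        by * none

# Catch-all for everything not matched above: authenticated users may read,
# anonymous connections may only bind, nothing else leaks.
access to *
        by self write
        by users read
        by anonymous auth
```

To confirm the fix without a GUI browser, an anonymous base-scope search against the empty DN should now return the rootDSE attributes: `ldapsearch -x -H ldap://localhost -b "" -s base '(objectClass=*)' +` (the trailing `+` requests the operational attributes, which is where supportedLDAPVersion and namingContexts live). If that search returns "No such object" or nothing at all, an earlier, broader ACL is matching first; move the dn.base="" clause above it.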