RE: No Such Object from Netscape

["Kurt D. Zeilenga" <Kurt@OpenLDAP.org>]

At 12:12 PM 9/27/00 -0700, Mike Komer wrote:
>I could have sworn I did try that, but I did it this time and it worked.
>
>Is there an explanation as to why the base is needed?

The search operation requires the client to provide a search
base so that it knows where to start the search from within the
DIT.  If the client specifies a base DN which the server does
not hold, the server should return a non-successful result
code.

LDAPv3 handling of an empty base DN depends upon scope.    If scope
is base, the root DSE is selected for return.  If the scope is one-level
and the server holds the "" namingContext, then all entries
directly under "" (eg: "c=US", "dc=com", etc.) are selected for return.
If the scope is subtree and the server holds the "" namingContext,
then all entries under "" are selected for return.  If the server
doesn't hold the namingContext "", the a non-successful result code
should be returned (noSuchObject, referral, or whatever).

Historically, some LDAPv2 servers mapped base "" requests to some
other DN within the server (regardless of scope).  However, this
is counter to LDAPv3 (X.500) specifications.  Some LDAPv3 servers,
do continue to map base "" requests for subtree and/or one-level
searches to other DNs.

OpenLDAP 2.0.4 allows a directory manager to configure a server
for such historical behavior.  See slapd.conf(5) and the
defaultSearchBase directive.  The use of this directive is not
recommended (as it will disallow for the more appropriate return
of a superior referral).

>I am very familiar
>with Novell's NDS. Is it like setting your context in the tree?

I not familiar with NDS, so I won't attempt to answer this question.