No need to quote the RFC with me, I know that it can be subject to access control - read my question. You know of situations when it is actually set to anything but read-only by everyone?
Alex On Tue, May 6, 2008 at 1:04 AM, Emmanuel Lecharny <[EMAIL PROTECTED]> wrote: > Alex Karasulu wrote: > > > This is because the RootDSE is usually bare so applications can perform > > discovery but some servers might want to protect it. Know of any situation > > when the RootDSE could be hidden? > > > RFC 4512 : > > 5.1. Server-Specific Data Requirements > > An LDAP server SHALL provide information about itself and other > information that is specific to each server. This is represented as > a group of attributes located in the root DSE, which is named with > the DN with zero RDNs (whose [RFC4514] representation is as the > zero-length string). > > These attributes are retrievable, _subject to access control_ and other > restrictions, if a client performs a Search operation [RFC4511] with > an empty baseObject, scope of baseObject, the filter"(objectClass=*)" > [RFC4515], and the attributes field listing the > names of the desired attributes. > > > -- > -- > cordialement, regards, > Emmanuel Lécharny > www.iktek.com > directory.apache.org > > >
