Alex Karasulu wrote:
No need to quote the RFC with me, I know that it can be subject to
access control - read my question.
Sorry, I misunderstood your question, not intended to make you feel like
you don't know the RFC.
You know of situations when it is actually set to anything but
read-only by everyone?
When you use HTTPd, you usually mask the version and name just for
security reasons (if you know which version you are connected too, you
can use the knowns security issues the specific version has to attack
the server).
I don't know if this is a strong enough use case anyway. Let say that
this JIRA is pretty much a 'non conformance to the spec' JIRA.
I can downgrade it to Improvement, instead of 'bug'.
Not a big deal, really !
Alex
On Tue, May 6, 2008 at 1:04 AM, Emmanuel Lecharny
<[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>> wrote:
Alex Karasulu wrote:
This is because the RootDSE is usually bare so applications
can perform discovery but some servers might want to protect
it. Know of any situation when the RootDSE could be hidden?
RFC 4512 :
5.1. Server-Specific Data Requirements
An LDAP server SHALL provide information about itself and other
information that is specific to each server. This is represented as
a group of attributes located in the root DSE, which is named with
the DN with zero RDNs (whose [RFC4514] representation is as the
zero-length string).
These attributes are retrievable, _subject to access control_ and
other
restrictions, if a client performs a Search operation [RFC4511] with
an empty baseObject, scope of baseObject, the
filter"(objectClass=*)" [RFC4515], and the attributes field
listing the
names of the desired attributes.
--
--
cordialement, regards,
Emmanuel Lécharny
www.iktek.com <http://www.iktek.com>
directory.apache.org <http://directory.apache.org>
--
--
cordialement, regards,
Emmanuel Lécharny
www.iktek.com
directory.apache.org
