[ 
https://issues.apache.org/jira/browse/DIRSERVER-1214?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12838939#action_12838939
 ] 

Quanah Gibson-Mount commented on DIRSERVER-1214:
------------------------------------------------

This is a very real issue, and ignoring it doesn't make it go away. :)

I can show you the behavior for OpenLDAP (for ldap.stanford.edu, which has a 
root of "dc=stanford,dc=edu"):

tribes:~> ldapsearch -x -h ldap -b "" | more
# extended LDIF
#
# LDAPv3
# base <> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# stanford.edu
dn: dc=stanford,dc=edu
objectClass: dcObject
objectClass: organization
o: Stanford University
dc: stanford
l: Palo Alto


(etc)

More importantly, how are you going to handle people who have databases 
rooted at ""?  That's what we do at Zimbra, as we support ISPs, and thus 
multiple domains that could exist across org, com, edu, etc.  You should 
*always* be able to do a subtree search on "", and it should simply return the 
databases as they exist (according to ACL rules, etc, of course).

It is the same as any other subtree search.

--Quanah


> Searches done with an empty baseDN are not accepted, except for the rootDSE
> ---------------------------------------------------------------------------
>
>                 Key: DIRSERVER-1214
>                 URL: https://issues.apache.org/jira/browse/DIRSERVER-1214
>             Project: Directory ApacheDS
>          Issue Type: Bug
>    Affects Versions: 1.5.3
>            Reporter: Emmanuel Lecharny
>             Fix For: 1.5.6
>
>
> We can't do a search with an empty baseDN, when it's not specifically a 
> rootDSE search (ie, (objectClass=*) and scope=OBJECT).
> We should consider that such a search is spread on all the partitions.
> This is not easy to implement without the nested partitions, as the current 
> existing partitions are potentially stored in different backends.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
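
The behaviour discussed in this thread, as an added example that is not ApacheDS or OpenLDAP code: a toy model in which a search based at "" fans out over every partition and each hit is filtered by an access check, while base "" with base scope still returns only the rootDSE. The partition contents, the `hide_private` rule and all function names are constructed for illustration.

```python
# Toy model (constructed data), not ApacheDS or OpenLDAP code.
# Assumption: DNs contain no escaped commas, so a plain split is enough.

def rdns(dn):
    """Normalize a DN string into a tuple of lower-cased RDNs; "" -> ()."""
    return tuple(p.strip().lower() for p in dn.split(",") if p.strip())

def is_under(dn, base):
    """True if dn equals base or sits below it; every DN is under ""."""
    d, b = rdns(dn), rdns(base)
    return len(d) >= len(b) and d[len(d) - len(b):] == b

# Two partitions keyed by suffix, as if stored in different backends.
PARTITIONS = {
    "dc=stanford,dc=edu": ["dc=stanford,dc=edu", "ou=people,dc=stanford,dc=edu"],
    "dc=example,dc=com": ["dc=example,dc=com", "ou=private,dc=example,dc=com"],
}

def in_scope(dn, base, scope):
    """Apply LDAP scope semantics: "base", "one" or "sub"."""
    if scope == "base":
        return rdns(dn) == rdns(base)
    if scope == "one":
        return is_under(dn, base) and len(rdns(dn)) == len(rdns(base)) + 1
    return is_under(dn, base)  # "sub"

def search(base, scope, can_read, partitions=PARTITIONS):
    """Return readable DNs matching (objectClass=*) for base and scope."""
    if rdns(base) == () and scope == "base":
        return [""]  # the rootDSE search, the one case the issue says works
    hits = []
    for suffix, entries in partitions.items():
        # A partition is relevant if it lies under the base or contains it.
        if not (is_under(suffix, base) or is_under(base, suffix)):
            continue
        hits += [dn for dn in entries
                 if in_scope(dn, base, scope) and can_read(dn)]
    return hits

def hide_private(dn):
    """Constructed ACL: the caller may not read ou=private subtrees."""
    return "ou=private" not in rdns(dn)
```
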
