Seems to be the case, from very cursory inspection.
Really an issue with the DSA, it should properly report its capabilities.
Yeah! I did it, thanks all, who helped.
Searching for "rootDSE" in Internet showed that it is exported by LDAP server as other data (in common words) so access control are applied to it too. And my hands ( lame ;) ) wrote at the end of slapd.conf:
access dn=".*,dc=domain,dc=my" by * read
But rootDSE, of course not subtree of this! And LDAP, honestly, denied access to it. So the solution was:
access to * by * read
Thanks all again!
---- Alexander Zubkov -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
