I would say that any user without the appropriate rights should not see the partition details (nameContext and supportedSASLMechanisms) of the partitions he doesn't belong to.

Regards,

Pierre Smits

*ORRTIZ.COM <http://www.orrtiz.com>*
Services & Solutions for Cloud-Based Manufacturing, Professional Services and Retail & Trade
http://www.orrtiz.com

On Tue, Mar 25, 2014 at 7:56 PM, Emmanuel Lécharny <elecha...@gmail.com> wrote:

> On 3/25/14 5:35 PM, Jim Willeke wrote:
> > Does not say anything about "Admins" being the only ones to be able to
> > retrieve the values.
>
> This is not how I read the RFC.
>
> "These attributes are retrievable, subject to access control and other
> restrictions, if a client performs a Search operation"
>
> Here, 'user' is not specifically an admin.
>
> > Only that they should be returned only as operational attributes would
> > be.
> >
> > How else would a client know the capabilities of the server?
>
> I think that's not the point here.
>
> The question was: "can we block non-admin to fetch info from the
> RootDSE" and the response is clearly yes, assuming that the right ACI is
> set at the right place.
>
> --
> Regards,
> Cordialement,
> Emmanuel Lécharny
> www.iktek.com