Re: LDAP subtree search with zero-length DN for baseObject?
Our server follows the "search all the naming contexts you have locally" model which I think is reasonable.
Jim

>>> "RL 'Bob' Morgan" <rlmorgan@washington.edu> 2/10/00 10:43:42 AM >>>

RFC 2251 says, in section 3.4:

   An LDAP server MUST provide information about itself and other
   information that is specific to each server. This is represented as
   a group of attributes located in the root DSE (DSA-Specific Entry),
   which is named with the zero-length LDAPDN. These attributes are
   retrievable if a client performs a base object search of the root
   with filter "(objectClass=*)", however they are subject to access
   control restrictions. The root DSE MUST NOT be included if the
   client performs a subtree search starting from the root.

It isn't clear to me, though, what the expected result should be from a
subtree search where the baseObject is the zero-length DN. It mustn't
include the root DSE info, but what should it include? Should this mean
"the subtree rooted at root of the global DIT"? Presumably, if so, in
existing cases this would typically fail since the DSA doesn't know how to
contact a DSA for "the root". Or can a DSA interpret it as "search all
the naming contexts you have locally?" By experiment I find that servers
I've tried this on report "no such object".

Thanks,

- RL "Bob"
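
The two behaviours discussed in this thread, as an added example that is not code from either poster or from any real server: a toy in-memory DSA that returns the root DSE only for a base-object search of the zero-length DN, and for a subtree search there either walks every local naming context or answers noSuchObject. The class, function and flag names and the sample entries are all constructed for illustration; access control and the one-level scope are not modelled.

```python
BASE, SUB = "base", "sub"          # only these two scopes are modelled

class NoSuchObject(Exception):
    """Stands in for the LDAP noSuchObject result code (32)."""

def rdns(dn):
    # Simplified DN handling: case-insensitive, no escaped commas.
    return [p.strip().lower() for p in dn.split(",") if p.strip()]

def is_under(dn, base):
    d, b = rdns(dn), rdns(base)
    return len(d) >= len(b) and d[len(d) - len(b):] == b

class ToyDSA:
    def __init__(self, contexts, entries, search_local_contexts=True):
        self.contexts = contexts            # naming contexts held locally
        self.entries = entries              # dn -> attributes
        self.search_local_contexts = search_local_contexts

    def search(self, base, scope):
        if not rdns(base):                  # zero-length DN
            if scope == BASE:               # root DSE: base-object search only
                return [("", {"namingContexts": list(self.contexts)})]
            if not self.search_local_contexts:
                raise NoSuchObject(base)    # the result Bob reports seeing
            # "Search all local naming contexts" model; root DSE is never included.
            return [(dn, a) for dn, a in self.entries.items()
                    if any(is_under(dn, c) for c in self.contexts)]
        if not any(rdns(dn) == rdns(base) for dn in self.entries):
            raise NoSuchObject(base)
        if scope == BASE:
            return [(dn, a) for dn, a in self.entries.items()
                    if rdns(dn) == rdns(base)]
        return [(dn, a) for dn, a in self.entries.items() if is_under(dn, base)]

# Constructed sample data: two unrelated naming contexts on one server.
CONTEXTS = ["dc=example,dc=com", "o=Example Org"]
ENTRIES = {
    "dc=example,dc=com": {"objectClass": ["domain"]},
    "ou=people,dc=example,dc=com": {"objectClass": ["organizationalUnit"]},
    "uid=alice,ou=people,dc=example,dc=com": {"objectClass": ["inetOrgPerson"]},
    "o=Example Org": {"objectClass": ["organization"]},
    "cn=printer1,o=Example Org": {"objectClass": ["device"]},
}

if __name__ == "__main__":
    dsa = ToyDSA(CONTEXTS, ENTRIES)
    print(dsa.search("", BASE))
    print([dn for dn, _ in dsa.search("", SUB)])
```

Under the first model a single subtree search at the zero-length DN returns entries from every naming context the server holds, so access control has to be evaluated per entry rather than per search base.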