Re: namingContexts

["Kurt D. Zeilenga" <Kurt@OpenLDAP.org>]

At 04:36 PM 6/11/99 +0100, Eithne Holmes wrote:
>Hi,
>NamingContexts (top level) attribute is defined as follows :
>5.2.1 namingContexts 
>	The values of this attribute correspond to naming contexts which
>this server masters or shadows. If the server does not master any
>information (e.g. it is an LDAP gateway to a public X.500 directory) this
>attribute will be absent. If the server believes it contains the entire
>directory, the attribute will have a single value, and that value will be
>the empty string (indicating the null DN of the root). This attribute will
>allow a client to choose suitable base objects for searching when it has
>contacted a server. 
>
>I can't figure in what case there's likely to be only a single empty string
>value.

  If the server believes it contains the entire
  directory, the attribute will have a single value, and that value will be
  the empty string (indicating the null DN of the root).

If the server is all knowning within a global context, then it
would have a single namingContexts attribute with an empty string.
Such a server would, to use DNS terminology, would be a "root"
directory server.

>as the current domain name at least seems to always be returned.  If
>the empty string (null DN) were returned would it suffice as the base object
>parameter in the search function ? 

Yes, you could do:

	ldapsearch -b '' '(objectclass=*)'

Of course, the server might refuse such a search request.

>Searching on the null DN only returns
>server attribute info and no children in any scenario I've come across
>(talking to Netscape Directory server).

The ROOT_DSE attributes should only be provided when doing:
	ldapsearch -b '' -s base '(objectclass=*)'