Re: How to find server root DN?

["Kurt D. Zeilenga" <Kurt@OpenLDAP.org>]

At 02:32 PM 7/20/00 +0200, Mikael Grehn wrote:
>Howdy!
>
>I have written an LDAP klient (v3) that I would like to try against
>different servers f.e. "ldap.bigfoot.com" e.t.c. These are (mostly)
>LDAPv2 servers that doesnt support DSE (which contain root DN?).

This is known as the Root DSE which is named with an empty DN.

>The
>client works great with my own LDAP server (in which I know the root DN,
>"c=SE").
>
>How can I find a server root DN in an LDAPv2 server?

There is no defined mechanism defined in the specification.
The client, in general, must have a priori knowledge (such
as the presence of cn=config).

>What should the
>search criteria be to perform such a request(get root dn)?

LDAPv2 only servers generally do not have a root DSE.  An LDAPv2
server which also supports LDAPv3 may have a root DSE but it may
only be accessible when using LDAPv3.  (Most servers make it
available under LDAPv2 as well, but your mileage may vary).

Some LDAPv2 implementations (U-Mich derived ones such as OpenLDAP)
usually have a "cn=config" entry which you can read.  You might
be able to use values found here.  Note that "database" is
similar to "namingContexts", excepting each suffix of a database
is presented as a ' : ' separated list.

>Should I use the DSE entry in LDAPv3 server to find out the root DN?

Whenever such is available and accessible, yet.

>What is the attributetype that contain this value?

namingContexts

Note that it allows multiple values.

>Any public (anonymous access) LDAPv3 server out there that I could test
>against?

root.openldap.org
ldap.openldap.org

>LDAPv2 servers I know: "ldap.bigfoot.com",
>"ldap.infospace.com"," ldap.switchboard.com", "ldap.whowhere.com" e.t.c.
>but how should I perform search requests against these when I dont know
>the DN schema/root DN?
>
>Greatful for any help/hints!
>--
>sincerely
>
>Mikael Grehn