Re: empty search base

["Kurt D. Zeilenga" <Kurt@OpenLDAP.org>]

At 09:24 AM 10/18/00 +0200, Pelle Eliasson wrote:
>When I try to make a search in my ldap db with an empty base I don't find
>any object.
>Is it possible to make a searh with an empty base or do I allways have to
>set it to something.

In the X.500 model as used by LDAP, the empty DN refers to the root
of the directory information tree (DIT).  If your server doesn't
hold the root, then a subtree or one-level search should return a
non-success result such as noSuchObject or referral (with a reference
to superior servers).  For LDAPv3, if the search scope is base,
server should return a server-specific entry called the root DSE
which holds information about the server.  For LDAPv2, a scope base
search should return noSuchObject (or the root DSE if supported).
The root DSE, of course, is never returned when the scope is one
level or subtree.

Some servers implement this model closely, others take some liberties
(many of which are allowed by the LDAP specifications).  With some
servers, the client empty DN search request magically locates
objects held by that server.  (some servers completely ignore the
specified DN).

Anyways, how to use or configure (if configurable) such magic is
implementation specific.  If using OpenLDAP and you desire to use
such magic, I suggest you direct an specific question to the
openldap-software mailing list (after scanning the archives, of
course, for answers).

Kurt