RE: root DSE attributes

["Howard Chu" <hyc@highlandsun.com>]

> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Mark Adamson

> Using the 2.0.23 build, how does one add/mod rootDSE attributes, such as
> "supportedSASLmechanisms"?  The function rootDseAttribute() in
> schema_prep.c requires that the entry's e_nname be of 0 length, but the
> do_modify() function in modify.c, around line 200, says that if the length
> of the ndn is 0, an error message "modify upon the root DSE not supported"
> is returned. So how do you add/modify an attribute that gets sent through
> rootDseAttribute() for a check?

You don't.
>
> slapd.conf says:
> rootdn: dc=cmu,dc=edu
>
> What should the modify LDIF say:
>
> dn:
> supportedSASLMechanisms: KERBEROS_V4
>
> or what?   I am getting either the modify not supported error message
> if the dn: line is blank, or if I put the rootdn as the dn: line in the
> LDIF I get a message saying the supportedSASLMechanisms attr can only
> go in the root DSE.

There are no user-modifiable attributes in the root DSE. They are all
operational attributes, generated by the server. In particular, with
"supportedSASLMachanisms" slapd simply obtains a list of mech names from
the SASL library. If the SASL library doesn't support "KERBEROS_V4" then
nothing you can do from an LDAP client is going to magically enable it.

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support