[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
RE: root DSE attributes
> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Mark Adamson
> Using the 2.0.23 build, how does one add/mod rootDSE attributes, such as
> "supportedSASLmechanisms"? The function rootDseAttribute() in
> schema_prep.c requires that the entry's e_nname be of 0 length, but the
> do_modify() function in modify.c, around line 200, says that if the length
> of the ndn is 0, an error message "modify upon the root DSE not supported"
> is returned. So how do you add/modify an attribute that gets sent through
> rootDseAttribute() for a check?
You don't.
>
> slapd.conf says:
> rootdn: dc=cmu,dc=edu
>
> What should the modify LDIF say:
>
> dn:
> supportedSASLMechanisms: KERBEROS_V4
>
> or what? I am getting either the modify not supported error message
> if the dn: line is blank, or if I put the rootdn as the dn: line in the
> LDIF I get a message saying the supportedSASLMechanisms attr can only
> go in the root DSE.
There are no user-modifiable attributes in the root DSE. They are all
operational attributes, generated by the server. In particular, with
"supportedSASLMachanisms" slapd simply obtains a list of mech names from
the SASL library. If the SASL library doesn't support "KERBEROS_V4" then
nothing you can do from an LDAP client is going to magically enable it.
-- Howard Chu
Chief Architect, Symas Corp. Director, Highland Sun
http://www.symas.com http://highlandsun.com/hyc
Symas: Premier OpenSource Development and Support