Determining a Server’s Capabilities
Chapter 2
alluded to two new LDAPv3
features: the
subschemaSubentry
and the
rootDSE
objects. Both of these objects allow
clients to find out information about a previously unknown directory
server.
The rootDSE
object contains information about
features such as the server naming context, implemented SASL
mechanisms, and supported LDAP extensions and controls. LDAPv3
requires that the rootDSE
has an empty DN. To list
the rootDSE
, perform a base-level search using a
DN of “”. OpenLDAP will provide
only values held by the rootDSE
if the search
requests that operational attributes be returned, so the + character
is appended to the search request.
$ ldapsearch -x -s base -b "" "(objectclass=*)" + dn: structuralObjectClass: OpenLDAProotDSE namingContexts: dc=plainjoe,dc=org supportedControl: 2.16.840.1.113730.3.4.2 supportedControl: 1.3.6.1.4.1.4203.1.10.2 supportedControl: 1.2.826.0.1.334810.2.3 supportedExtension: 1.3.6.1.4.1.4203.1.11.3 supportedExtension: 1.3.6.1.4.1.4203.1.11.1 supportedExtension: 1.3.6.1.4.1.1466.20037 supportedFeatures: 1.3.6.1.4.1.4203.1.5.1 supportedFeatures: 1.3.6.1.4.1.4203.1.5.2 supportedFeatures: 1.3.6.1.4.1.4203.1.5.3 supportedFeatures: 1.3.6.1.4.1.4203.1.5.4 supportedFeatures: 1.3.6.1.4.1.4203.1.5.5 supportedLDAPVersion: 3 supportedSASLMechanisms: GSSAPI supportedSASLMechanisms: DIGEST-MD5 supportedSASLMechanisms: CRAM-MD5 subschemaSubentry: cn=Subschema
This list can change over time and will vary from server to server. ...
Get LDAP System Administration now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.