Determining a Server’s Capabilities
Chapter 2
alluded to two new LDAPv3
features: the
subschemaSubentry
and the
rootDSE
objects. Both of these objects allow
clients to find out information about a previously unknown directory
server.
The rootDSE object contains information about
features such as the server naming context, implemented SASL
mechanisms, and supported LDAP extensions and controls. LDAPv3
requires that the rootDSE has an empty DN. To list
the rootDSE, perform a base-level search using a
DN of “”. OpenLDAP will provide
only values held by the rootDSE if the search
requests that operational attributes be returned, so the + character
is appended to the search request.
$ ldapsearch -x -s base -b "" "(objectclass=*)" +
dn:
structuralObjectClass: OpenLDAProotDSE
namingContexts: dc=plainjoe,dc=org
supportedControl: 2.16.840.1.113730.3.4.2
supportedControl: 1.3.6.1.4.1.4203.1.10.2
supportedControl: 1.2.826.0.1.334810.2.3
supportedExtension: 1.3.6.1.4.1.4203.1.11.3
supportedExtension: 1.3.6.1.4.1.4203.1.11.1
supportedExtension: 1.3.6.1.4.1.1466.20037
supportedFeatures: 1.3.6.1.4.1.4203.1.5.1
supportedFeatures: 1.3.6.1.4.1.4203.1.5.2
supportedFeatures: 1.3.6.1.4.1.4203.1.5.3
supportedFeatures: 1.3.6.1.4.1.4203.1.5.4
supportedFeatures: 1.3.6.1.4.1.4203.1.5.5
supportedLDAPVersion: 3
supportedSASLMechanisms: GSSAPI
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: CRAM-MD5
subschemaSubentry: cn=SubschemaThis list can change over time and will vary from server to server. ...
Get LDAP System Administration now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
