Product/Component Concerned: eDirectory / LDAP
Target Audience: Beginners
Platform: All (Demonstrated on Linux)
RootDSE stands for Root DSA (Directory Service Agent) Specific Entry, which is the root of the LDAP server. This entry is a pseudo object in the tree, which means it’s an unnamed entry at the root of the tree. This entry holds the configuration information about the connected eDirectory server. As mentioned, the rootDSE is an unnamed entry, a search against the eDirectory tree won’t return you the rootDSE object.
The following is list contains the most common information that a rootDSE holds.
All the above information can be read by doing a simple LDAP search against the RootDSE object using the following settings:
This can be done through the ldapsearch tool or even through a simple application written using any LDAP SDK.
So, the ldapsearch to do the RootDSE search would look like:
ldapsearch -h <hostname> -p <port number> -b "" -s base "objectclass=*"
The following is the sample output of the RootDSE search:
subschemaSubentry: cn=schema supportedGroupingTypes: 2.16.840.1.113722.214.171.124.8 namingContexts: supportedExtension: 2.16.840.1.1137126.96.36.199.1 supportedExtension: 2.16.840.1.1137188.8.131.52.3 supportedExtension: 2.16.840.1.1137184.108.40.206.5 supportedExtension: 2.16.840.1.1137220.127.116.11.7 supportedExtension: 2.16.840.1.113718.104.22.168.9 supportedExtension: 2.16.840.1.113722.214.171.124.11 supportedExtension: 2.16.840.1.1137126.96.36.199.13 supportedExtension: 2.16.840.1.1137188.8.131.52.15 supportedExtension: 2.16.840.1.1137184.108.40.206.17 supportedExtension: 2.16.840.1.1137220.127.116.11.100.1 supportedExtension: 2.16.840.1.113718.104.22.168.100.3 supportedExtension: 2.16.840.1.113722.214.171.124.100.5 supportedExtension: 2.16.840.1.1137126.96.36.199.100.7 supportedExtension: 2.16.840.1.1137188.8.131.52.100.9 supportedExtension: 2.16.840.1.1137184.108.40.206.100.11 supportedExtension: 2.16.840.1.1137220.127.116.11.100.13 supportedExtension: 2.16.840.1.113718.104.22.168.100.15 supportedExtension: 2.16.840.1.113722.214.171.124.100.17 supportedExtension: 2.16.840.1.1137126.96.36.199.100.19 supportedExtension: 2.16.840.1.1137188.8.131.52.100.21 supportedExtension: 2.16.840.1.1137184.108.40.206.100.23 supportedExtension: 2.16.840.1.1137220.127.116.11.100.25 supportedExtension: 2.16.840.1.113718.104.22.168.1 supportedExtension: 2.16.840.1.113722.214.171.124.3 supportedExtension: 2.16.840.1.1137126.96.36.199.5 supportedExtension: 2.16.840.1.1137188.8.131.52.7 supportedExtension: 2.16.840.1.1137184.108.40.206.11 supportedExtension: 2.16.840.1.1137220.127.116.11.13 supportedExtension: 2.16.840.1.113718.104.22.168.15 supportedExtension: 2.16.840.1.113722.214.171.124.17 supportedExtension: 2.16.840.1.1137126.96.36.199.19 supportedExtension: 2.16.840.1.1137188.8.131.52.21 supportedExtension: 2.16.840.1.1137184.108.40.206.23 supportedExtension: 2.16.840.1.1137220.127.116.11.25 supportedExtension: 2.16.840.1.113718.104.22.168.27 supportedExtension: 2.16.840.1.113722.214.171.124.29 supportedExtension: 2.16.840.1.1137126.96.36.199.31 supportedExtension: 2.16.840.1.1137188.8.131.52.33 supportedExtension: 2.16.840.1.1137184.108.40.206.35 supportedExtension: 2.16.840.1.1137220.127.116.11.37 supportedExtension: 2.16.840.1.113718.104.22.168.39 supportedExtension: 2.16.840.1.113722.214.171.124.41 supportedExtension: 2.16.840.1.1137126.96.36.199.96 supportedExtension: 2.16.840.1.1137188.8.131.52.98 supportedExtension: 2.16.840.1.1137184.108.40.206.101 supportedExtension: 2.16.840.1.1137220.127.116.11.103 supportedExtension: 2.16.840.1.113718.104.22.168.1 supportedExtension: 2.16.840.1.113722.214.171.124.4 supportedExtension: 2.16.840.1.1137126.96.36.199.6 supportedExtension: 2.16.840.1.1137188.8.131.52.9 supportedExtension: 2.16.840.1.1137184.108.40.206.43 supportedExtension: 2.16.840.1.1137220.127.116.11.45 supportedExtension: 2.16.840.1.113718.104.22.168.47 supportedExtension: 2.16.840.1.113722.214.171.124.49 supportedExtension: 2.16.840.1.1137126.96.36.199.51 supportedExtension: 2.16.840.1.1137188.8.131.52.53 supportedExtension: 2.16.840.1.1137184.108.40.206.55 supportedExtension: 220.127.116.11.4.1.1466.20037 supportedExtension: 2.16.840.1.113718.104.22.168.79 supportedExtension: 2.16.840.1.113722.214.171.124.84 supportedExtension: 2.16.840.1.1137126.96.36.199.1 supportedExtension: 2.16.840.1.1137188.8.131.52.2 supportedControl: 2.16.840.1.1137184.108.40.206.6 supportedControl: 2.16.840.1.1137220.127.116.11.5 supportedControl: 1.2.840.113518.104.22.1689 supportedControl: 2.16.840.1.113722.214.171.124 supportedControl: 2.16.840.1.1137126.96.36.199 supportedControl: 2.16.840.1.1137188.8.131.52.7 supportedControl: 2.16.840.1.1137184.108.40.206.40 supportedControl: 2.16.840.1.1137220.127.116.11.41 supportedSASLMechanisms: NMAS_LOGIN supportedLDAPVersion: 2 supportedLDAPVersion: 3 supportedFeatures: 18.104.22.168.4.1.422.214.171.124 supportedFeatures: 2.16.840.1.1137126.96.36.199.1 vendorName: Novell, Inc. vendorVersion: LDAP Agent for Novell eDirectory 8.8 SP6 (20601.12) dsaName: cn=PALSLES10,o=novell directoryTreeName: PALEVT outBytes: 95046447 inBytes: 119500 repUpdatesOut: 0 repUpdatesIn: 0 errors: 0 securityErrors: 0 chainings: 0 referralsReturned: 0 extendedOps: 1862 abandonOps: 0 wholeSubtreeSearchOps: 1862 oneLevelSearchOps: 0 searchOps: 1867 listOps: 0 modifyRDNOps: 0 modifyEntryOps: 0 removeEntryOps: 0 addEntryOps: 0 compareOps: 0 readOps: 5 inOps: 7466 bindSecurityErrors: 0 strongAuthBinds: 0 simpleAuthBinds: 1869 unAuthBinds: 1462
The following details can be inferred from the above output:
|Location of the schema||cn=schema (the subschema subentry). This entry can be given as the ‘BASE’ of a LDAP search and the schema can be read|
|Supported Extensions||Extensions are in ASN.1OID format. Each OID corresponds to a different extension (like adding new replicas, refreshing the LDAP server, etc)|
|Supported Controls||Controls are in ASN.1OID format. Each OID corresponds to a different control (like paged results, server side sort etc)|
|Vendor name and version of the server||Novell, Inc is the vendor Name
LDAP Agent for Novell eDirectory 8.8 SP6 (20601.12) is the version
|The DSA name of the server||cn=PALSLES10,o=novell|
|Supported SASL Mechanisms||NMAS_LOGIN|
|Versions of LDAP supported||2 and 3|
|LDAP server statistics (includes the number of operations happened, referral mechanism used etc)||
SearchOps: 1867 ? Specifies the number of searches that had been done on the server
simpleAuthBinds: 1869 ? Specifies the number of authenticated binds that had been done on the server
unAuthBinds: 1462? Specifies the number of anonymous binds that had been done on the server
Chainings: 0 ? Chaining Count
referralsReturned: 0 ? Referral Count
extendedOps: 1862 ? Specifies the number of extended operations that had been done on the server
Disclaimer: As with everything else at NetIQ Cool Solutions, this content is definitely not supported by NetIQ, so Customer Support will not be able to help you if it has any adverse effect on your environment. It just worked for at least one person, and perhaps it will be useful for you too. Be sure to test in a non-production environment.