16.10 Getting Information about the LDAP Server

To get information about an LDAP server, you use ICE or an LDAP search. These utilities request information from rootDSE (Directory Service Agent, specific entry).

rootDSE is a pseudo object in a directory tree. It is an unnamed entry at the root of the tree. rootDSE holds information that is specific to the server that you are connected to. For example, rootDSE knows where the schema is located and the extensions and controls that the schema supports.

Because rootDSE is not a named entry in the tree, an LDAP server does not return rootDSE to the client as part of any normal search operation.

The following table lists information from rootDSE.

Information and Description


The schema's location: You find where the schema for the LDAP server or tree is located by reading the subschemaSubentry. For eDirectory, cn=schema is the base for the search.

subschemaSubentry: cn=schema

Supported extensions: Extensions enable you to manage the server (for example, creating or merging contexts, adding new replicas, refreshing the LDAP server, removing replicas, changing the replica type from master to read/write or read-only) and identities.

Extensions are in ASN.1OID format. For names of extensions, see LDAP Extensions.

supportedExtension: 2.16.840.1.113719. supportedExtension: 2.16.840.1.113719. supportedExtension: 2.16.840.1.113719.

Which vendor is providing the LDAP server.

vendorName: NetIQ Corporation.

Which directory version the LDAP server supports.

vendorVersion: eDirectory v8.7.0 (10410.29)

Which version of eDirectory is running.

vendorVersion: eDirectory v8.7.0 (10410.29)

The directory server name and the directory tree name.

dsaName: cn=WestWindNDS,o=westwind directoryTreeName: t=WESTWINDTREE

Supported SASL mechanisms.

supported SASLMechanisms: EXTERNAL supported SASLMechanisms: DIGEST-MD5 supported SASLMechanisms: NMAS LOGIN

Which version of LDAP server is supported.

supportedLDAPVersion: 2 supportedLDAPVersion: 3

Server statistics: rootDSE provides a variety of statistics about the LDAP server (for example, the number of strong authentication binds).

errors: 0 securityErrors: 0 chainings: 3 referralsReturned: 6 extendedOps: 0 abandonOps: 0 wholeSubtreeSearchOps: 1

Information from rootDSE is useful for application developers.

Scenario: Developing an Application— Henri is writing an application that creates a new replica. Henri reads rootDSE and finds supportedExtension: 2.16.840.1.113719. in the list. Henri knows that the server supports the call to create a new replica.

Also, NetIQ iManager checks to see what functionality is available in rootDSE and then behaves according to that information.

To search rootDSE, enter the following at a workstation:

ldapsearch -h hostname -p 389 -b "" -s base "objectclass=*"

This search can be performed by any application using the ldap_search APIs.

The key to the search is that the scope is base (-s base). Also note that the base is null and the filter is set to objectclass=*. In the case of this client, the base is -b.

For more information on reading the rootDSE, refer to one of the following:

For information on LDAP search filters, see LDAP Search Filters. This section is in the LDAP and NDS Integration section of the NDK documentation.