ODSEE - How to Secure Access to Root DSE Entry (Doc ID 1605659.1)

Last updated on JANUARY 27, 2019

Applies to:

Oracle Directory Server Enterprise Edition - Version 6.0 and later
All Platforms

- The RootDSE is a standard entry defined in the LDAP 3.0 specification.

- The RootDSE contains information about the directory server, including its capabilities and configuration.

- The search response will contain a standard set of information that is defined in the following RFC: RFC 2251 - Lightweight Directory Access Protocol (v3)

- The root DSE (DSA-specific Entry) data can be retrieved from an LDAPv3 server by doing a base-level search with a null BaseDN and with filter ObjectClass=*.

- The root DSE publishes information about the LDAP server including which LDAP versions it supports, any supported SASL mechanisms, supported controls as well as the DN for its subschemaSubentry.

- In addition to server information, operational attributes may be exposed that allow for extended administration functionality.

Goal

By default, after ODSEE is installed, the root DSE can be retrieved anonymously using ldapsearch:

ldapsearch -h <ldap_host> -p <ldap_port> -s base  -b ""  "objectclass=*"

For security reasons, you may want the information in this entry to be accessible only by Directory Manager.

Example of a RootDSE entry in ODSEE:

ldapsearch -h Myldap.host.comp.com -p 389 -s base -b "" "objectclass=*"
version: 1
dn:
objectClass: top
namingContexts: dc=Mycompagny,dc=com
supportedExtension: 2.16.840.1.113730.3.5.7
supportedExtension: 2.16.840.1.113730.3.5.8
supportedExtension: 1.3.6.1.4.1.4203.1.11.1
supportedExtension: 1.3.6.1.4.1.42.2.27.9.6.25
supportedExtension: 2.16.840.1.113730.3.5.3
......

.....

enabledSSLCiphers: TLS_RSA_EXPORT1024_WITH_RC4_56_SHA
enabledSSLCiphers: TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA
enabledSSLCiphers: SSL_RSA_EXPORT_WITH_RC4_40_MD5
enabledSSLCiphers: SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5
enabledSSLCiphers: SSL_CK_RC4_128_WITH_MD5
enabledSSLCiphers: SSL_CK_RC2_128_CBC_WITH_MD5
enabledSSLCiphers: SSL_CK_DES_192_EDE3_CBC_WITH_MD5
enabledSSLCiphers: SSL_CK_DES_64_CBC_WITH_MD5
enabledSSLCiphers: SSL_CK_RC4_128_EXPORT40_WITH_MD5
enabledSSLCiphers: SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5
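
The following is an added example, not part of the Oracle note: a small audit that parses the LDIF returned by the anonymous root DSE search above and reports which attributes, naming contexts and weak cipher suites are disclosed. The function names, the sample values (dc=example,dc=com), the weak-cipher pattern and the rule that an entry with no attributes counts as restricted are assumptions made for illustration.

```python
import base64
import re
import sys

# Constructed sample in the shape of the anonymous output shown above.
SAMPLE_LDIF = """version: 1
dn:
objectClass: top
namingContexts: dc=example,dc=com
supportedExtension: 2.16.840.1.113730.3.5.7
enabledSSLCiphers: TLS_RSA_EXPORT1024_WITH_RC4_56_SHA
enabledSSLCiphers: SSL_CK_DES_192_EDE3_CBC_WITH_MD5
enabledSSLCiphers: TLS_RSA_WITH_AES_128_
 CBC_SHA
"""

# Substrings that mark export-grade or broken algorithms in a cipher suite name.
WEAK = re.compile(r"EXPORT|RC4|RC2|MD5|NULL|(?<!3)DES_(?:64|CBC)")


def parse_ldif_entry(text):
    """Parse one LDIF entry into {lowercased attribute: [values]}."""
    unfolded = re.sub(r"\r?\n ", "", text)  # LDIF folds long lines with "\n "
    attrs = {}
    for line in unfolded.splitlines():
        name, sep, value = line.partition(":")
        if not sep or line.startswith("#") or name.lower() in ("version", "dn"):
            continue
        if value.startswith(":"):  # "attr:: <base64>" form
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        attrs.setdefault(name.lower(), []).append(value.strip())
    return attrs


def audit_root_dse(text):
    """Summarise what an anonymous root DSE search disclosed."""
    attrs = parse_ldif_entry(text)
    return {
        "restricted": not attrs,  # assumption: no attributes means access is closed
        "exposed_attributes": sorted(attrs),
        "naming_contexts": attrs.get("namingcontexts", []),
        "weak_ciphers": [c for c in attrs.get("enabledsslciphers", []) if WEAK.search(c)],
    }


if __name__ == "__main__":
    data = SAMPLE_LDIF if sys.stdin.isatty() else sys.stdin.read()
    for key, value in audit_root_dse(data).items():
        print(f"{key}: {value}")
```

Pipe the output of the anonymous ldapsearch command into the script to audit a real server; run without piped input, it audits the constructed sample.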


Solution
