How to Secure Access to Root DSE Entry
(Doc ID 1605659.1)
Last updated on MAY 17, 2018
Applies to:Oracle Directory Server Enterprise Edition - Version 6.0 and later
- The RootDSE is a standard entry defined in the LDAP 3.0 specification.
- The RootDSE contains information about the directory server, including its capabilities and configuration.
- The search response will contain a standard set of information that is defined in the following RFC: RFC 2251 - Lightweight Directory Access Protocol (v3)
- The root DSE (DSA-specific Entry) data can be retrieved from an LDAPv3 server by doing a base-level search with a null BaseDN and with filter ObjectClass=*.
- The root DSE publishes information about the LDAP server including which LDAP versions it supports, any supported SASL mechanisms, supported controls as well as the DN for its subschemaSubentry.
- In addition to server information, operational attributes may be exposed that allow for extended administration functionality.
By Default when you install ODSEE you can see the root dse using ldapsearch -
ldapsearch -h <ldap_hosts> -p <ldap_port> -s base -b "" "objectclass=*"
For security reasons some customers want to hide information about this entry
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!