ODSEE - How to Secure Access to Root DSE Entry
(Doc ID 1605659.1)
Last updated on MAY 17, 2023
Applies to:
Oracle Directory Server Enterprise Edition - Version 6.0 and laterAll Platforms
- The RootDSE is a standard entry defined in the LDAP 3.0 specification.
- The RootDSE contains information about the directory server, including its capabilities and configuration.
- The search response will contain a standard set of information that is defined in the following RFC: RFC 2251 - Lightweight Directory Access Protocol (v3)
- The root DSE (DSA-specific Entry) data can be retrieved from an LDAPv3 server by doing a base-level search with a null BaseDN and with filter ObjectClass=*.
- The root DSE publishes information about the LDAP server including which LDAP versions it supports, any supported SASL mechanisms, supported controls as well as the DN for its subschemaSubentry.
- In addition to server information, operational attributes may be exposed that allow for extended administration functionality.
Goal
By Default when installing ODSEE the root dse can be retrieved anonymously using ldapsearch -
ldapsearch -h <ldap_host> -p <ldap_port> -s base -b "" "objectclass=*"
Example of RooDSE entry in ODSEE
ldapsearch -h <HOSTNAME> -p <PORT> -s base -b "" "objectclass=*"
version: 1
dn:
objectClass: top
namingContexts: dc=<SUFFIX_DN>
supportedExtension: 2.16.840.1.113730.3.5.7
supportedExtension: 2.16.840.1.113730.3.5.8
supportedExtension: 1.3.6.1.4.1.4203.1.11.1
supportedExtension: 1.3.6.1.4.1.42.2.27.9.6.25
supportedExtension: 2.16.840.1.113730.3.5.3
......
.....
enabledSSLCiphers: TLS_RSA_EXPORT1024_WITH_RC4_56_SHA
enabledSSLCiphers: TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA
enabledSSLCiphers: SSL_RSA_EXPORT_WITH_RC4_40_MD5
enabledSSLCiphers: SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5
enabledSSLCiphers: SSL_CK_RC4_128_WITH_MD5
enabledSSLCiphers: SSL_CK_RC2_128_CBC_WITH_MD5
enabledSSLCiphers: SSL_CK_DES_192_EDE3_CBC_WITH_MD5
enabledSSLCiphers: SSL_CK_DES_64_CBC_WITH_MD5
enabledSSLCiphers: SSL_CK_RC4_128_EXPORT40_WITH_MD5
enabledSSLCiphers: SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5
Solution
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
Goal |
Solution |