How to Secure Access to Root DSE Entry (Doc ID 1605659.1)

Last updated on SEPTEMBER 28, 2016

Applies to:

Oracle Directory Server Enterprise Edition - Version 6.0 and later
All Platforms

- The root DSE is a standard entry defined in the LDAPv3 specification.

- The root DSE contains information about the directory server, including its capabilities and configuration.

- The search response contains a standard set of information defined in RFC 2251, Lightweight Directory Access Protocol (v3).

- The root DSE (DSA-specific Entry) data can be retrieved from an LDAPv3 server with a base-level search that uses a null (empty) base DN and the filter objectclass=*.

- The root DSE publishes information about the LDAP server, including the LDAP versions it supports, any supported SASL mechanisms, the supported controls, and the DN of its subschemaSubentry.

- In addition to server information, operational attributes may be exposed that allow for extended administration functionality.

Goal

By default, after ODSEE is installed, the root DSE can be read with ldapsearch:

ldapsearch -h <ldap_hosts> -p <ldap_port> -s base -b "" "objectclass=*"

For security reasons, some customers want to hide the information in this entry.
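
An added example, not part of the Oracle article: Python that parses the LDIF printed by the ldapsearch command above and separates the attributes the article names from anything else the root DSE returns, which gives a before/after check when access is restricted. The sample LDIF and the function names are constructed for illustration.

```python
import base64

# Attributes the article names as published by the root DSE (lowercased).
NAMED_ON_PAGE = {"supportedldapversion", "supportedsaslmechanisms",
                 "supportedcontrol", "subschemasubentry"}

# Constructed sample of ldapsearch LDIF output; not taken from a real server.
SAMPLE_LDIF = (
    "dn:\n"
    "objectClass: top\n"
    "supportedLDAPVersion: 2\n"
    "supportedLDAPVersion: 3\n"
    "supportedSASLMechanisms: EXTERNAL\n"
    "supportedControl: 1.2.840.113556.1.4.319\n"
    "subschemaSubentry: cn=schema\n"
    "namingContexts: dc=example,dc=com\n"
    "vendorVersion:: "
    + base64.b64encode(b"Example Directory Server 1.0").decode() + "\n"
    + "description: constructed value folded\n  across two lines\n"
)

def parse_ldif_entry(text):
    """Return {lowercased attribute: [values]} for a single LDIF entry."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]              # unfold an LDIF continuation line
        elif raw and not raw.startswith("#"):
            lines.append(raw)
    attrs = {}
    for line in lines:
        name, _, rest = line.partition(":")
        if rest.startswith(":"):              # "attr:: ..." holds a base64 value
            value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
        else:
            value = rest.strip()
        if name.lower() not in ("dn", "version"):
            attrs.setdefault(name.lower(), []).append(value)
    return attrs

def audit_root_dse(text):
    """Split exposed attributes into those the article names and the rest."""
    attrs = parse_ldif_entry(text)
    named = {a: v for a, v in attrs.items() if a in NAMED_ON_PAGE}
    other = {a: v for a, v in attrs.items() if a not in NAMED_ON_PAGE}
    return named, other

if __name__ == "__main__":
    for label, group in zip(("named in article", "additional"),
                            audit_root_dse(SAMPLE_LDIF)):
        for attr, values in sorted(group.items()):
            print(f"{label:17} {attr}: {', '.join(values)}")
```

An empty result for both groups when the search is run anonymously indicates the entry is no longer readable by unauthenticated clients.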

Solution
