My Oracle Support Banner

How to Secure Access to Root DSE Entry (Doc ID 1605659.1)

Last updated on MAY 17, 2018

Applies to:

Oracle Directory Server Enterprise Edition - Version 6.0 and later
All Platforms

- The RootDSE is a standard entry defined in the LDAP 3.0 specification.

- The RootDSE contains information about the directory server, including its capabilities and configuration.

- The search response will contain a standard set of information that is defined in the following RFC: RFC 2251 - Lightweight Directory Access Protocol (v3)

- The root DSE (DSA-specific Entry) data can be retrieved from an LDAPv3 server by doing a base-level search with a null BaseDN and with filter ObjectClass=*.

- The root DSE publishes information about the LDAP server including which LDAP versions it supports, any supported SASL mechanisms, supported controls as well as the DN for its subschemaSubentry.

- In addition to server information, operational attributes may be exposed that allow for extended administration functionality.


By Default when you install ODSEE you can see the root dse using ldapsearch -

ldapsearch -h <ldap_hosts>  -p <ldap_port> -s base  -b ""  "objectclass=*"


For security reasons some customers want to hide information about this entry




To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.