Bug 766322 - [RFE] Please support setting defaultNamingContext in the rootdse.
Summary: [RFE] Please support setting defaultNamingContext in the rootdse.
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: 389-ds-base
Version: 6.0
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: Rich Megginson
QA Contact: IDM QE LIST
URL:
Whiteboard:
Depends On: 742317
Blocks: 389_1.3.0 690319
TreeView+ depends on / blocked
 
Reported: 2011-12-11 17:03 UTC by Dmitri Pal
Modified: 2012-07-05 08:57 UTC (History)
7 users (show)

Fixed In Version: 389-ds-base-1.2.10.0-1.el6
Doc Type: Enhancement
Doc Text:
Cause: LDAP clients not configured with a search base attempting to search against the directory server. Consequence: There was no easy way to determine what default search base to use. Change: Added a new attribute to the root DSE (the entry with the empty dn "") called defaultNamingContext. This allows clients to easily discover what search base to use. Result: Clients can query the root DSE for the defaultNamingContext, then use that to search for users, etc.
Clone Of: 742317
Environment:
Last Closed: 2012-06-20 07:11:36 UTC
Target Upstream Version:

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Bugzilla 797743 1 None None None 2021-01-20 06:05:38 UTC
Red Hat Product Errata RHSA-2012:0813 0 normal SHIPPED_LIVE Low: 389-ds-base security, bug fix, and enhancement update 2012-06-19 19:29:15 UTC

Internal Links: 797743

Comment 1 Rich Megginson 2012-01-06 23:50:32 UTC 
Upstream ticket:
https://fedorahosted.org/389/ticket/26
Comment 3 Noriko Hosoi 2012-02-14 19:24:51 UTC 
Copied from https://fedorahosted.org/389/ticket/26

Steps to verify:

1. install DS (preferably with the admin server and Console)

2. Search nsslapd-defaultnamingcontext in cn=config and defaultnamingcontext in the rootdse. 
$ ldapsearch -LLLx -h localhost -p <port> -D 'cn=directory manager' -w <pw> -b "cn=config" -s base nsslapd-defaultnamingcontext
dn: cn=config
nsslapd-defaultnamingcontext: <default suffix (e.g., dc=example,dc=com)>
$ ldapsearch -LLLx -h localhost -p <port> -b "" -s base | egrep namingcontext
namingContexts: dc=example,dc=com
defaultnamingcontext: dc=example,dc=com

3. Add a new suffix "dc=test,dc=com" and verify nsslapd-defaultnamingcontext and defaultnamingcontext are not changed.

4. Remove the new suffix "dc=test,dc=com" and verify nsslapd-defaultnamingcontext and defaultnamingcontext are not changed.

5. Remove the original suffix "dc=example,dc=com" and verify nsslapd-defaultnamingcontext and defaultnamingcontext are both removed. 
$ ldapsearch -LLLx -h localhost -p <port> -D 'cn=directory manager' -w <pw> -b "cn=config" -s base nsslapd-defaultnamingcontext
dn: cn=config
nsslapd-defaultnamingcontext:
$ ldapsearch -LLLx -h localhost -p <port> -b "" -s base | egrep namingcontext
$

6. Add a new suffix "dc=newtest,dc=com" and verify the new suffix is set to nsslapd-defaultnamingcontext and defaultnamingcontext. 
$ ldapsearch -LLLx -h localhost -p <port> -D 'cn=directory manager' -w <pw> -b "cn=config" -s base nsslapd-defaultnamingcontext
dn: cn=config
nsslapd-defaultnamingcontext: dc=newtest,dc=com
$ ldapsearch -LLLx -h localhost -p 10389 -b "" -s base | egrep namingcontext
namingContexts: dc=newtest,dc=com
defaultnamingcontext: dc=newtest,dc=com
Comment 4 Jenny Severance 2012-04-09 14:24:59 UTC 
QE automation complete for this feature
Comment 5 Rich Megginson 2012-05-24 22:16:44 UTC 
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
Cause: LDAP clients not configured with a search base attempting to search against the directory server.
Consequence: There was no easy way to determine what default search base to use.
Change: Added a new attribute to the root DSE (the entry with the empty dn "") called defaultNamingContext.  This allows clients to easily discover what search base to use.
Result: Clients can query the root DSE for the defaultNamingContext, then use that to search for users, etc.
Comment 6 errata-xmlrpc 2012-06-20 07:11:36 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2012-0813.html
Note You need to log in before you can comment on or make changes to this bug.