j@telepaths.org writes:
For compatibility reasons, It may well be in OpenLDAP's best interest to provide options such as the ones I described previously, for "broken" or "substandard" clients such as the ones I am using.
If someone (you?) cares enough, they can write an overlay to the OpenLDAP slapd frontend which intercepts searches with (baseObject="", scope=wholeSubtree) and changes the scope of the operation to baseObject. That shouldn't be much code.
A server using this overlay must not have a database with suffix "", since this would break subtree searches in that database.
I will point out that Solaris 11 doesn't exhibit these issues ---- But my company wants to use Solaris 10, which leaves me in the middle of a finger pointing party between OPENLDAP and SUN. So you can understand why I might be asking for something as strange as this ....
SUN says OpenLDAP's standard/methods are questionable & strange. OpenLDAP says Sun's client is broken and that we should hack it. I say screw Solaris 10.
Are they saying it somewhere public? I'm sure there are some OpenLDAP things they disagree with (I do too), but on this, RFC 4512 section 5.1 is quite clear, not to say loud:
"The root DSE SHALL NOT be included if the client performs a subtree search starting from the root."
(Onelevel search is not relevant in this context since it wouldn't return the baseobject anyway.)