=46rom Solaris 10's 'ldapclient' manpage:

defaultSearchScope=3Done | sub

Specify the default search scope for the client's search operations. This default can be overridden for a given service by specifying a serviceSearchDescriptor. The default is one level search.

The parameter 'defaultSearchScope' only allows ONE or SUB.

The 'serviceSearchDescriptor' is not an option, since this is designed = to work with NSS objects like 'passwd', 'shadow', 'hosts', etc. rootDSE = is not a service in that sense, so it won't work here.

For compatibility reasons, It may well be in OpenLDAP's best interest to = provide options such as the ones I described previously, for "broken" or = "substandard" clients such as the ones I am using.

I will point out that Solaris 11 doesn't exhibit these issues ---- But = my company wants to use Solaris 10, which leaves me in the middle of a = finger pointing party between OPENLDAP and SUN. So you can understand = why I might be asking for something as strange as this ....

SUN says OpenLDAP's standard/methods are questionable & strange. = OpenLDAP says Sun's client is broken and that we should hack it. I say = screw Solaris 10.

Thank you for your assistance. You can probably close this ticket.

J

On Jan 5, 2010, at 10:05 , masarati@aero.polimi.it wrote:

The behavior you describe violates RFC 4512 (section 5.1), while =

OpenLDAP

complies with it. Please note that the root DSE is accessed using a plain, perfectly legal LDAP operation. The fact a client cannot be configured to perform such a simple operation clearly indicates the =

client

is broken. A quick answer would be "get the client fixed". =20

<advertisement> I can imagine simple workarounds, consisting in few lines of code that allow to circumvent the issue. They probably require to hire some =

expert

consultant.

</advertisement> =20 p. =20