Kurt D. Zeilenga wrote:

At 01:37 AM 11/19/2006, michael@stroeder.com wrote:

...

I'd like to see support for RFC 3045 in slapd.

The only reasonably decent use of such attributes is for administrators to determine whether they need to upgrade some software or not

Yes, that's what I'm after.

We provide cn=monitor for this purpose.

This is proprietary. Think of vendor-independent management/monitoring software which just gives an terse overview.

While it certainly is possible for a client to abuse cn=monitor version information, the very fact that the version information is in cn=monitor, which generally requires special authorization to read, instead of the root dse, which generally is readable by most every client, is effective in discouraging this abuse.

The server admin can easily define access control for vendor information in root DSE. The sample slapd.conf could endorse this. Or another value for configuration directive 'allow'.

Ciao, Michael.