[Kolab-devel] Kolab2: More fun with LDAP

Stephan Buys list at codefusion.co.za
Thu Aug 12 09:46:28 CEST 2004

Hi all,

I would like to recommend implementing an extended rootDSE in kolab so that
clients can automatically derive wether or not a server is a kolab server by 
doing a simple LDAP query.

What is the rootDSE? The rootDSE is the "root" of the directory server and 
doesn't form part of any namespace in the LDAP tree. The purpose being to 
provide information about the LDAP server. 

What usefull information does it give us by default?
Do the following:
ldapsearch -L -h mykolabserver -b "" -s base 'objectclass=*' "+" "*"

This will return all sorts of usefull information about the directory. For 
example we are immediately able to see its an OpenLDAP server.

Now create /kolab/etc/kolab/rootDSE.ldif with:
objectClass: kolab

And add the following to slapd.conf.template:
--- slapd.conf.template.old     2004-08-12 09:07:54.767073776 +0200
+++ slapd.conf.template 2004-08-12 09:37:26.120787080 +0200
@@ -24,6 +24,7 @@
 TLSCertificateFile     @l_prefix@/etc/kolab/cert.pem
 TLSCertificateKeyFile  @l_prefix@/etc/kolab/key.pem

+rootDSE                /kolab/etc/kolab/rootDSE.ldif
 require        none
 allow          bind_v2

Then execute:

If you now do the following rootDSE query:
#ldapsearch -L -h mykolab2host -b "" -s base 'objectclass=kolab'

You should get:
objectClass: top
objectClass: OpenLDAProotDSE
objectClass: kolab

So suddenly we can determine if an LDAP server is running kolab by using 

We could conceivably (of course schema updates will be required) have a 
rootDSE.ldif containing all sorts of usefull information to be used to 
configure clients, admin tools... For example:
objectClass: kolab
serverType: master/slave


More information about the devel mailing list