'[ldap] Re: Discovering the type of directory server'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ldap
Subject:    [ldap] Re: Discovering the type of directory server
From:       David A Dangerfield <ddanger () us ! ibm ! com>
Date:       2003-12-11 20:41:31
[Download RAW message or body]

This is a multipart message in MIME format.
--=_alternative 0070B0A086256DF9_Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

In my experience, IBM Directory Server has the following attribute in the 
rootDSE:

vendorname=International Business Machines (IBM)

That makes it pretty obvious.

David Dangerfield





Giovanni Baruzzi <giovanni.baruzzi@syntlogo.de>
12/01/2003 02:49 AM

 
        To:     ldap@umich.edu
        cc:     Michael Ströder <michael@stroeder.com>, "Hemant N. Ramnani" 
<hemant_ramnani@persistent.co.in>
        Subject:        [ldap] Re: Discovering the type of directory server



Ok. It is not reliable neiter implemented by every directory server 
but....

Querying the rootDSE (-b "" - s base "(objectclass=*)" ) returns this
object that contains a LOT of information about the directory server. At
least the protocol versions, the supported controls and the "naming
context" are fully reported... even Active directory support this object.

As for the type of server, you may check a few classes and attributes
that are specific to every vendor: for example if you receive an object
that contains attributes like:

isGlobalCatalogReady: TRUE
domainFunctionality: 0
forestFunctionality: 0
domainControllerFunctionality: 2

you may be pretty sure that this is an active directory
and if you got:
netscapemdsuffix: cn=ldap://dc=s1,dc=yourcompany:389

you may think that you have to comply with an Netscape/iPlanet/SUN...


best regards
Giovanni


Michael Ströder wrote:

> Hemant N. Ramnani wrote:
> > Hello All,
> > I am trying to figure out what would be a best and full proof method
> > to find out the type of a directory server
> 
> Why? What do you want to achieve?
> 
> > i.e. whether the server is
> > OpenLDAP or iPlanet or Active Directory and so on.
> 
> No really deterministic way.
> 
> > One of the ways could be to check for directory specific objectclass/
> > attributes/LDAP controls supported in the schema of the directory 
server,
> 
> Not really reliable.
> 
> > however I was wondering if there is still a better/standard way. Or
> > we could check for specific root DSE attributes???
> 
> There's RFC 3045. But it is not widely supported. Some LDAP servers 
report 
> various specific things in cn=monitor.
> 
> Ciao, Michael.
> 
> 
> ---
> You are currently subscribed to ldap@umich.edu as: 
[giovanni.baruzzi@syntlogo.de]
> To unsubscribe send email to ldap-request@umich.edu with the word 
UNSUBSCRIBE as the SUBJECT of the message.
> 

-- 
Dr. Giovanni Baruzzi
Syntlogo GmbH
Turmgasse 2/1
D-71063 Sindelfingen

giovanni.baruzzi@syntlogo.de
t_ +49.(0)7031.8795.52
f_ +49.(0)7031.8795.54
m_ +49.(0)171.5062569


---
You are currently subscribed to ldap@umich.edu as: [ddanger@us.ibm.com]
To unsubscribe send email to ldap-request@umich.edu with the word 
UNSUBSCRIBE as the SUBJECT of the message.




---
You are currently subscribed to ldap@umich.edu as: [ldap@progressive-comp.com]
To unsubscribe send email to ldap-request@umich.edu with the word UNSUBSCRIBE as the \
SUBJECT of the message.

--=_alternative 0070B0A086256DF9_Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable


<br><font size=2 face="sans-serif">In my experience, IBM Directory Server has the \
following attribute in the rootDSE:</font> <br>
<br><font size=2 face="sans-serif">vendorname=International Business Machines \
(IBM)<br> </font>
<br><font size=2 face="sans-serif">That makes it pretty obvious.</font>
<br><font size=2 face="sans-serif"><br>
David Dangerfield</font>
<br>
<br>
<br>
<br>
<table width=100%>
<tr valign=top>
<td>
<td><font size=1 face="sans-serif"><b>Giovanni Baruzzi \
&lt;giovanni.baruzzi@syntlogo.de&gt;</b></font> <p><font size=1 \
face="sans-serif">12/01/2003 02:49 AM</font> <br>
<td><font size=1 face="Arial">&nbsp; &nbsp; &nbsp; &nbsp; </font>
<br><font size=1 face="sans-serif">&nbsp; &nbsp; &nbsp; &nbsp; To: &nbsp; &nbsp; \
&nbsp; &nbsp;ldap@umich.edu</font> <br><font size=1 face="sans-serif">&nbsp; &nbsp; \
&nbsp; &nbsp; cc: &nbsp; &nbsp; &nbsp; &nbsp;Michael Ströder \
&lt;michael@stroeder.com&gt;, &quot;Hemant N. Ramnani&quot; \
&lt;hemant_ramnani@persistent.co.in&gt;</font> <br><font size=1 \
face="sans-serif">&nbsp; &nbsp; &nbsp; &nbsp; Subject: &nbsp; &nbsp; &nbsp; \
&nbsp;[ldap] Re: Discovering the type of directory server</font> <br></table>
<br>
<br>
<br><font size=2 face="Courier New">Ok. It is not reliable neiter implemented by \
every directory server but....<br> <br>
Querying the rootDSE (-b &quot;&quot; - s base &quot;(objectclass=*)&quot; ) returns \
this<br> object that contains a LOT of information about the directory server. At<br>
least the protocol versions, the supported controls and the &quot;naming<br>
context&quot; are fully reported... even Active directory support this object.<br>
<br>
As for the type of server, you may check a few classes and attributes<br>
that are specific to every vendor: for example if you receive an object<br>
that contains attributes like:<br>
<br>
isGlobalCatalogReady: TRUE<br>
domainFunctionality: 0<br>
forestFunctionality: 0<br>
domainControllerFunctionality: 2<br>
<br>
you may be pretty sure that this is an active directory<br>
and if you got:<br>
netscapemdsuffix: cn=ldap://dc=s1,dc=yourcompany:389<br>
<br>
you may think that you have to comply with an Netscape/iPlanet/SUN...<br>
<br>
<br>
best regards<br>
Giovanni<br>
<br>
<br>
Michael Ströder wrote:<br>
<br>
&gt; Hemant N. Ramnani wrote:<br>
&gt;&gt; Hello All,<br>
&gt;&gt; I am trying to figure out what would be a best and full proof method<br>
&gt;&gt; to find out the type of a directory server<br>
&gt; <br>
&gt; Why? What do you want to achieve?<br>
&gt; <br>
&gt;&gt; i.e. whether the server is<br>
&gt;&gt; OpenLDAP or iPlanet or Active Directory and so on.<br>
&gt; <br>
&gt; No really deterministic way.<br>
&gt; <br>
&gt;&gt; One of the ways could be to check for directory specific objectclass/<br>
&gt;&gt; attributes/LDAP controls supported in the schema of the directory \
server,<br> &gt; <br>
&gt; Not really reliable.<br>
&gt; <br>
&gt;&gt; however I was wondering if there is still a better/standard way. Or<br>
&gt;&gt; we could check for specific root DSE attributes???<br>
&gt; <br>
&gt; There's RFC 3045. But it is not widely supported. Some LDAP servers report <br>
&gt; various specific things in cn=monitor.<br>
&gt; <br>
&gt; Ciao, Michael.<br>
&gt; <br>
&gt; <br>
&gt; ---<br>
&gt; You are currently subscribed to ldap@umich.edu as: \
[giovanni.baruzzi@syntlogo.de]<br> &gt; To unsubscribe send email to \
ldap-request@umich.edu with the word UNSUBSCRIBE as the SUBJECT of the message.<br> \
&gt; <br> <br>
-- <br>
Dr. Giovanni Baruzzi<br>
Syntlogo GmbH<br>
Turmgasse 2/1<br>
D-71063 Sindelfingen<br>
<br>
giovanni.baruzzi@syntlogo.de<br>
t_ +49.(0)7031.8795.52<br>
f_ +49.(0)7031.8795.54<br>
m_ +49.(0)171.5062569<br>
<br>
<br>
---<br>
You are currently subscribed to ldap@umich.edu as: [ddanger@us.ibm.com]<br>
To unsubscribe send email to ldap-request@umich.edu with the word UNSUBSCRIBE as the \
SUBJECT of the message.<br> </font>
<br>
<br>

---
You are currently subscribed to ldap@umich.edu as: [ldap@progressive-comp.com]
To unsubscribe send email to ldap-request@umich.edu with the word UNSUBSCRIBE as the \
                SUBJECT of the message.
--=_alternative 0070B0A086256DF9_=--


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic