Oracle Unified Directory Root DSE entry and schema
By Sylvain Duloutre-Oracle on Feb 08, 2012
The root DSE entry (empty dn) is often used by LDAP client applications to discover directory services capabilities. For instance, attribute namingContexts gives indications about the suffixes managed by the directoy server instance. All these attributes are flagged as OPERATIONAL, so, they should not be returned to client applications unless they are explicitely specified in the search attribute list.
OUD strictly adheres to LDAP standards so these attributes are not returned by default. In Oracle Directory Server Entreprise Edition (ODSEE), these attributes are treated as standard ones and are systematically returned to client applications. Applications depending on the ODSEE behaviour might be impacted as many of them do no specify any search attribute list. To make OUD behave like ODSEE with regards to the access of rootDSEE attributes, run the following command:
dsconfig set-root-dse-backend-prop --set show-all-attributes:true
To make OUD treat schema operational attribute like user attributes, run the following too:
dsconfig set-workflow-element-prop --element-name schema --set show-all-attributes:true