By default, the rootDSE entry is managed/returned by the directory proxy
itself and reflect proxy LDAP capabilities. Such behaviour is mandatory whenever virtualization is in use so that underlying data layout is hidden from the client applications.
In some specific cases, it might be interesting to configure DPS to fetch the rootDSE entry from the directory server(s) itself. Here is the procedure:
Create a data view (rootDSE) with view base set to "" and associate a data source pool containing the directory servers holding the rootDSE entry to be returned. 2-
Change the DPS routing policy to manual. 3-
Make sure the rootDSE exclusion base property do not contain "". If so, remove
At that point, requests to rootDSE are redirected to the rootDSE data view.
If multiple directory servers are associated with the rootDSE data view, make sure they have identical rootDSE entries otherwise the rootDSE entry returned to clients may vary over time because of the load-balancing policy. This is likely to confuse client applications. There might be also a mismatch between rootDSE content and proxy capabilities (e.g supported extended operations or supported LDAP controls), so make sure to change the proxy configuration (e.g list of forwarded controls) to reflect the rootDSE entry content.