How can you view what roots are available in a Unix LDAP database?

Question

I\'m trying to view all root names on a server that are available for searching thru/modifying. I\'ve tried looking online-but I\'m still unable to find the base levels. ldapse

Answer 1

If the question is "How to get valid top-level base dn(s) ?", you have multiple options :

• Domain components (dc) usually match the FQDN, it makes sense to use these dc's to build up a top level base dn (e.g. 'host.example.com' would give 'dc=example,dc=com'), but it is not guaranteed it results in a valid base dn.
• Search for rootDSE information :ldapsearch -H ldap://host.example.com -x -s base -b '' +
  Then retrieve the namingContexts or defaultNamingContext attribute(s), any one of them can be used as a search base dn.
• Use an LDAP explorer like Apache Directory Studio to display the directory tree, select a top object matching objectClass: dcObject (and optionnally o=something) : any corresponding entry can be used as a search base object by using its dn as the base dn.