Overview #

Although RCF 3045 provides a methodology to determine the vendorName and vendorVersion of the LDAP server from the RootDSE Example, many LDAP Server Implementations do not provide this information.
Do realize the information was taken from various different LDAP Server Implementations at various times and you results may vary.

There are also the supportedLDAPVersion attributes which will show you which protocol version of LDAP the LDAP Server Implementation supports. Generally, if the server ONLY shows supportedLDAPVersion=2, do not even try to use modern LDAP tools as most will have issues, in other words, upgrade to a LDAP Server Implementation that supports supportedLDAPVersion=3.

supportedLDAPVersion: 2
supportedLDAPVersion: 3

Each LDAP Server Implementation, unfortunately, has its own characteristics that clearly separate it from others. To find out its type, use any available LDAP search tool and START with the following parameters:

ldapsearch -LLL -h ipaddress -b "" -s base -D cn=admin,....,dc=com -W "(objectclass=*)" vendorname vendorversion isGlobalCatalogReady 

This will at least show you if the LDAP Server Implementation supports vendorName and vendorVersion and if the isGlobalCatalogReady returns true you know this is Microsoft Active Directory.

Now you can use the following information to search for the and hopefully determine the specifics.

UnboundID#

vendorName: UnboundID Corp.
vendorVersion: UnboundID Directory Server 4.1.0.6

Active Directory#

Microsoft Active Directory does not provide the vendorVersion or VendorName in the rootDSE.

We typically check the RootDSEto determine if there is a value for "forestFunctionality" and if there is we assume it is Microsoft Active Directory.

For the version, you then need to determine which version of which object you are trying to determine.

To find all DCs and their versions, use this query:

(&(&(&(&(samAccountType=805306369)(primaryGroupId=516))(objectCategory=computer)(operatingSystem=*))))
For more information on versions of Active Directory Functional Levels

EDirectory#

vendorName: Novell, Inc.
vendorVersion: LDAP Agent for Novell eDirectory 8.8 SP7 (20705.00)
You can obtain more secific information using a query similar to:
ldapsearch -H ldap://serverip:389 -ZZ -x -D "cn=admin,...,dc=com" -W -b "dc=com" -s sub "(objectClass=ncpServer)" "dsRevision" "Version" "objectClass"

Will return results similar to:
{{{
dsRevision: 2070500
Version: eDirectory for Linux x86_64 v8.8 SP7 [DS]

NetScape#

vendorname=Netscape Communications Corp.
vendorversion=Netscape-Directory/6.11 B2002.281.0853

Sun One Directory: Attribute vendorVersion will contain the term "Sun Directory".#

vendorName=Sun Microsystems\, Inc.
vendorVersion=Sun Java(TM) System Directory Server/5.2_Patch_6

Oracle Internet Directory#

An older version shows:
orcldirectoryversion: OID 10.1.4.3.0

Oracle Unified Directory#

majorVersion: 11
maintenanceVersion: 1
platformVersion: 0
releaseVersion: 2
vendorName: Oracle Corporation
vendorVersion: Oracle Unified Directory 11.1.2.1.0

Oracle Virtual Directory#

orcldirectoryversion: OVD 11.1.1.6.0

IBM - Found this one:#

vendorName: [International Business Machines (IBM)]
vendorVersion: [6.0]

OpenLDAP#

dn:
objectClass: top
objectClass: OpenLDAProotDSE

Siemens AG#

Siemens AG
DirX Directory V8.0 B 8.1.218 2008:06:14 01:10 32-Bit

Anyone know of any others or can add information?#

More Information#

There might be more information for this subject on one of the following:

Add new attachment

Only authorized users are allowed to upload new attachments.
« This page (revision-34) was last changed on 24-Feb-2015 13:13 by jim