dbaarda
commented
5 years ago Turns out it doesn't appear to be needed for startTLS, but it probably is needed for SASL auth, which we don't intend on supporting. It looks like clients will assume a minimal ldap server if they can't find a RootDSE, so it's probably not required.
However, it would probably be nice to have one.
See the following for details;
https://ldapwiki.com/wiki/RootDSE
This appears to be something some clients require to figure out what features the LDAP server supports, and in particular may be required for #4 StartTLS support.