There are a lot of great tools for working with LDAP, but there is always room for one more, right? A common task for me is to need to look at the contents of the Root DSE and verify the SSL certificate being used, if SSL is used.
For those not familiar with the root DSE, it is an entry offered by all LDAP servers. Its DN is null or empty, depending on how you interpret the RFCs. It almost always accepts un-authenticated connections and lists information about the contents and capabilities of the LDAP server. It will usually list the supported LDAP controls, authentication types offered, and often the naming contexts is holds. Different vendors list different data, and it is this data that I am often interested in.
Here are a few typical entries:
Active Directory Domain Controller
dn:
currentTime: 20111123000138.0Z
subschemaSubentry: CN=Aggregate,CN=Schema,CN=Configuration,DC=example,DC=org
dsServiceName: CN=NTDS Settings,CN=mydomcontr08,CN=Servers,CN=Food,CN=Sites,CN=Co
nfiguration,DC=example,DC=org
namingContexts: DC=example,DC=org
namingContexts: CN=Configuration,DC=example,DC=org
namingContexts: CN=Schema,CN=Configuration,DC=example,DC=org
defaultNamingContext: DC=example,DC=org
schemaNamingContext: CN=Schema,CN=Configuration,DC=example,DC=org
configurationNamingContext: CN=Configuration,DC=example,DC=org
rootDomainNamingContext: DC=example,DC=org
supportedControl: 1.2.840.113556.1.4.319
supportedControl: 1.2.840.113556.1.4.801
supportedControl: 1.2.840.113556.1.4.473
supportedControl: 1.2.840.113556.1.4.528
supportedControl: 1.2.840.113556.1.4.417
supportedControl: 1.2.840.113556.1.4.619
supportedControl: 1.2.840.113556.1.4.841
supportedControl: 1.2.840.113556.1.4.529
supportedControl: 1.2.840.113556.1.4.805
supportedControl: 1.2.840.113556.1.4.521
supportedControl: 1.2.840.113556.1.4.970
supportedControl: 1.2.840.113556.1.4.1338
supportedControl: 1.2.840.113556.1.4.474
supportedControl: 1.2.840.113556.1.4.1339
supportedControl: 1.2.840.113556.1.4.1340
supportedControl: 1.2.840.113556.1.4.1413
supportedControl: 2.16.840.1.113730.3.4.9
supportedControl: 2.16.840.1.113730.3.4.10
supportedControl: 1.2.840.113556.1.4.1504
supportedControl: 1.2.840.113556.1.4.1852
supportedControl: 1.2.840.113556.1.4.802
supportedControl: 1.2.840.113556.1.4.1907
supportedControl: 1.2.840.113556.1.4.1948
supportedControl: 1.2.840.113556.1.4.1974
supportedControl: 1.2.840.113556.1.4.1341
supportedControl: 1.2.840.113556.1.4.2026
supportedLDAPVersion: 3
supportedLDAPVersion: 2
supportedLDAPPolicies: MaxPoolThreads
supportedLDAPPolicies: MaxDatagramRecv
supportedLDAPPolicies: MaxReceiveBuffer
supportedLDAPPolicies: InitRecvTimeout
supportedLDAPPolicies: MaxConnections
supportedLDAPPolicies: MaxConnIdleTime
supportedLDAPPolicies: MaxPageSize
supportedLDAPPolicies: MaxQueryDuration
supportedLDAPPolicies: MaxTempTableSize
supportedLDAPPolicies: MaxResultSetSize
supportedLDAPPolicies: MaxNotificationPerConn
supportedLDAPPolicies: MaxValRange
highestCommittedUSN: 124867805
supportedSASLMechanisms: GSSAPI
supportedSASLMechanisms: GSS-SPNEGO
supportedSASLMechanisms: EXTERNAL
supportedSASLMechanisms: DIGEST-MD5
dnsHostName: mydomcontr08.example.ORG
ldapServiceName: example.ORG:mydomcontr08$@example.ORG
serverName: CN=mydomcontr08,CN=Servers,CN=Food,CN=Sites,CN=Configuration,DC=examp
le,DC=org
supportedCapabilities: 1.2.840.113556.1.4.800
supportedCapabilities: 1.2.840.113556.1.4.1670
supportedCapabilities: 1.2.840.113556.1.4.1791
supportedCapabilities: 1.2.840.113556.1.4.1935
isSynchronized: TRUE
isGlobalCatalogReady: TRUE
domainFunctionality: 2
forestFunctionality: 2
domainControllerFunctionality: 3
Oracle Virtual Directory
dn:
namingContexts: ou=Groups,dc=example,dc=com
namingContexts: ou=admins,dc=example,dc=com
namingContexts: ou=employees,dc=example,dc=com
namingContexts: ou=IDMUsers,dc=idm.example,dc=com
namingContexts: ou=partners,dc=example,dc=com
namingContexts: OU=portal users,dc=example,dc=com
namingContexts: dc=example,dc=com
namingContexts: ou=OIDUsers,dc=idm.example,dc=com
objectClass: top
subschemaSubEntry: cn=schema
supportedSASLMechanisms: EXTERNAL
supportedSASLMechanisms: CRAM-MD5
supportedLDAPVersion: 2
supportedLDAPVersion: 3
supportedExtension: 1.3.6.1.4.1.1466.20037
Oracle Internet Directory
dn:
supportedsaslmechanisms: DIGEST-MD5
supportedldapversion: 2
supportedldapversion: 3
supportedextension: 2.16.840.1.113894.1.9.1
supportedextension: 1.3.6.1.4.1.1466.20037
supportedcontrol: 2.16.840.1.113730.3.4.2
supportedcontrol: 2.16.840.1.113894.1.8.1
supportedcontrol: 2.16.840.1.113894.1.8.2
supportedcontrol: 2.16.840.1.113894.1.8.3
supportedcontrol: 2.16.840.1.113894.1.8.4
supportedcontrol: 2.16.840.1.113894.1.8.5
supportedcontrol: 2.16.840.1.113894.1.8.6
supportedcontrol: 2.16.840.1.113894.1.8.7
supportedcontrol: 1.2.840.113556.1.4.473
supportedcontrol: 1.2.840.113556.1.4.319
supportedcontrol: 2.16.840.1.113894.1.8.14
supportedcontrol: 2.16.840.1.113894.1.8.16
supportedcontrol: 2.16.840.1.113894.1.8.23
supportedcontrol: 2.16.840.1.113894.1.8.29
subschemasubentry: cn=subschemasubentry
subregistrysubentry: cn=subregistrysubentry
subconfigsubentry: cn=subconfigsubentry
pwdpolicysubentry: cn=default,cn=pwdPolicies,cn=Common,cn=Products,cn=OracleCont
ext
orclupgradeinprogress: FALSE
orcltimelimit: 3600
orclstatsperiodicity: 60
orclstatslevel: 0
orclstatsflag: 0
orclsizelimit: 100000
orclsimplemodchglogattributes: uniquemember
orclsimplemodchglogattributes: member
orclsimplemodchglogattributes: orcluserapplnprovstatus
orclsimplemodchglogattributes: orcluserapplnprovstatusdesc
orclsimplemodchglogattributes: orcluserprovfailurecount
orclservermode: rw
orclreplicaid: prdoidx401_poid1
orclreplagreements: cn=replication configuration
orcloptcontainsquery: 0
orclnormdn:: IA==
orclmaxtcpidleconntime: 120
orclmatchdnenabled: 0
orcllegacyoidsyncagent: cn=odisrv+orclhostname=prdoidx001,cn=Registered Instance
s,cn=Directory Integration Platform,cn=Products,cn=OracleContext
orcllegacyoidsyncagent: cn=odisrv+orclhostname=prdoidx401,cn=Registered Instance
s,cn=Directory Integration Platform,cn=Products,cn=OracleContext
orcllegacyoidsyncagent: cn=odisrv+orclhostname=prdoidx002,cn=Registered Instance
s,cn=Directory Integration Platform,cn=Products,cn=OracleContext
orcllegacyoidsyncagent: cn=odisrv+orclhostname=prdoidx402,cn=Registered Instance
s,cn=Directory Integration Platform,cn=Products,cn=OracleContext
orcleventlevel: 0
orclentrylevelaci: access to entry by * (browse, noadd, nodelete)
orclentrylevelaci: access to attr=(orclaci,orclguname,orclgupassword,orclprname,
orclprpassword,orclcryptoscheme,orclsuname,orclsupassword) by * (none)
orclentrylevelaci: access to attr=(*) by * (search, read, nowrite, nocompare)
orclentrylevelaci: access to attr=(*) AppendToAll by group="cn=directoryadmingro
up,cn=oracle internet directory" (search,read,write,compare)
orclentrylevelaci: access to entry AppendToAll by group="cn=directoryadmingroup,
cn=oracle internet directory" (browse,add,delete)
orclentrylevelaci: access to attr=(orclstatsflag, orclstatsperiodicity,orclevent
level) by dn="cn=emd admin,cn=oracle internet directory" (search,read,write,com
pare) by * (search,read)
orclenablegroupcache: 1
orclecachemaxsize: 10000000
orclecachemaxentries: 25000
orclecacheenabled: 1
orcldirectoryversion: OID 10.1.4.3.0
orcldiprepository: FALSE
orcldebugop: 511
orcldebugflag: 0
orclcatalogentrydn: cn=catalogs
orclauditlevel: 0
orclanonymousbindsflag: 1
matchingrules: distinguishedNameMatch
matchingrules: caseIgnoreMatch
matchingrules: caseExactMatch
matchingrules: numericStringMatch
matchingrules: telephoneNumberMatch
changestatus: cn=changestatus
changelog: cn=changelog
authpassword;oid: {SASL/MD5}sHex432oGONWYembe52eKA==
authpassword;oid: {SASL/MD5-DN}UpdstrkdNdL5mxyQ8wFP5iQ==
authpassword;oid: {SASL/MD5-U}m0/awjpasdf346gaKaIHs9UQ==
One can get this all via the command line, with ldapsearch. For windows, I use the OpenDS version.
>ldapsearch -h host.name.org -p 389 -w "" -b "" -s base objectclass=*
I often forget the command, and if you need SSL, then you need to add -Z -X. Really, the -X is something that I'd complain about in most contexts, as it accepts any SSL certs. In this case, I am meaning to investigate the cert as well.
This gets me the LDAP info, but, then I'd need to use openssl to get the SSL and cert info.
Using
>openssl s_client -connect ovd.internal.example.com:636
I get the connect info:
Loading 'screen' into random state - done
CONNECTED(0000017C)
depth=3 CN = Example USA Root CA
verify error:num=19:self signed certificate in certificate chain
verify return:0
---
Certificate chain
0 s:/C=US/ST=Washington/L=Bothell/O=Example USA, Inc./OU=Internal Systems/CN=ovd.internal.Example.com
i:/DC=org/DC=Example/CN=Example USA Issuer CA 02
1 s:/DC=org/DC=Example/CN=Example USA Issuer CA 02
i:/CN=Example USA Intermediate CA 01
2 s:/CN=Example USA Intermediate CA 01
i:/CN=Example USA Root CA
3 s:/CN=Example USA Root CA
i:/CN=Example USA Root CA
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIGFTCCBP2gAwIBAgIKN3rWsgABAAWq7TANBgkqhkiG9w0BAQUFADBSMRMwEQYK
CZImiZPyLGQBGRYDb3JnMRcwFQYKCZImiZPyLGQBGRYHZ3NtMTkwMDEiMCAGA1UE
AxMZVC1Nb2JpbGUgVVNBIElzc3VlciBDQSAwMjAeFw0xMTAxMzAwMTU2MjlaFw0x
MjAxMzAwMTU2MjlaMIGQMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3Rv
.
.
hpw6x12bNa5bqIzyCm70ENEWSZkVAIiYPgNlJEs4AjmzgHo9ixPqsRmzSbmryaAg
8Pw6PUYagF+4soVfKRTZm62m+6qHlmnsDeGjKh6YR7QSwySTH+LV0VXuPBecM7T9
tf90c4mUD/jKnk9o0up0yTxXDf/WKNQ9SHKkzxvqJ8+7DcVw5kjBe+x8H1/HK420
skqyrngmSrL/3xjN/9JdXJp3WRVa+2dYAg==
-----END CERTIFICATE-----
subject=/C=US/ST=Washington/L=Bothell/O=Example USA, Inc./OU=Internal Systems/CN=ovd.internal.Example.com
issuer=/DC=org/DC=Example/CN=Example USA Issuer CA 02
---
No client certificate CA names sent
---
SSL handshake has read 6038 bytes and written 368 bytes
---
New, TLSv1/SSLv3, Cipher is EDH-RSA-DES-CBC3-SHA
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : EDH-RSA-DES-CBC3-SHA
Session-ID: 4ECC3B5303F3EAB7AFDD9452D7671A08CA4E345DF07F7FF3A76A3B9C62B2DA10
Session-ID-ctx:
Master-Key: B074BCE20BBF51B4EF420994309A4CC3DD85DB48F9CB6C5305F984A936FD6B659588C942B63FBC0228EF570D7E05777F
Key-Arg : None
PSK identity: None
PSK identity hint: None
Start Time: 1322007377
Timeout : 300 (sec)
Verify return code: 19 (self signed certificate in certificate chain)
---
Last, I have to cut and paste the certificate into a file and use openssl to read it.
>openssl asn1parse -in "cert.pem"
0:d=0 hl=4 l=1557 cons: SEQUENCE
4:d=1 hl=4 l=1277 cons: SEQUENCE
8:d=2 hl=2 l= 3 cons: cont [ 0 ]
10:d=3 hl=2 l= 1 prim: INTEGER :02
13:d=2 hl=2 l= 10 prim: INTEGER :377AD6B200010005AAED
25:d=2 hl=2 l= 13 cons: SEQUENCE
27:d=3 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption
38:d=3 hl=2 l= 0 prim: NULL
40:d=2 hl=2 l= 82 cons: SEQUENCE
42:d=3 hl=2 l= 19 cons: SET
44:d=4 hl=2 l= 17 cons: SEQUENCE
46:d=5 hl=2 l= 10 prim: OBJECT :domainComponent
58:d=5 hl=2 l= 3 prim: IA5STRING :org
63:d=3 hl=2 l= 23 cons: SET
65:d=4 hl=2 l= 21 cons: SEQUENCE
67:d=5 hl=2 l= 10 prim: OBJECT :domainComponent
79:d=5 hl=2 l= 7 prim: IA5STRING :gsm1900
88:d=3 hl=2 l= 34 cons: SET
90:d=4 hl=2 l= 32 cons: SEQUENCE
92:d=5 hl=2 l= 3 prim: OBJECT :commonName
97:d=5 hl=2 l= 25 prim: PRINTABLESTRING :Example USA Issuer CA 02
124:d=2 hl=2 l= 30 cons: SEQUENCE
126:d=3 hl=2 l= 13 prim: UTCTIME :110130015629Z
141:d=3 hl=2 l= 13 prim: UTCTIME :120130015629Z
156:d=2 hl=3 l= 144 cons: SEQUENCE
159:d=3 hl=2 l= 11 cons: SET
161:d=4 hl=2 l= 9 cons: SEQUENCE
163:d=5 hl=2 l= 3 prim: OBJECT :countryName
168:d=5 hl=2 l= 2 prim: PRINTABLESTRING :US
172:d=3 hl=2 l= 19 cons: SET
174:d=4 hl=2 l= 17 cons: SEQUENCE
176:d=5 hl=2 l= 3 prim: OBJECT :stateOrProvinceName
181:d=5 hl=2 l= 10 prim: PRINTABLESTRING :Washington
193:d=3 hl=2 l= 16 cons: SET
195:d=4 hl=2 l= 14 cons: SEQUENCE
197:d=5 hl=2 l= 3 prim: OBJECT :localityName
202:d=5 hl=2 l= 7 prim: PRINTABLESTRING :Bothell
211:d=3 hl=2 l= 27 cons: SET
213:d=4 hl=2 l= 25 cons: SEQUENCE
215:d=5 hl=2 l= 3 prim: OBJECT :organizationName
220:d=5 hl=2 l= 18 prim: PRINTABLESTRING :Example USA, Inc.
240:d=3 hl=2 l= 25 cons: SET
242:d=4 hl=2 l= 23 cons: SEQUENCE
244:d=5 hl=2 l= 3 prim: OBJECT :organizationalUnitName
249:d=5 hl=2 l= 16 prim: PRINTABLESTRING :Internal Systems
267:d=3 hl=2 l= 34 cons: SET
269:d=4 hl=2 l= 32 cons: SEQUENCE
271:d=5 hl=2 l= 3 prim: OBJECT :commonName
276:d=5 hl=2 l= 25 prim: PRINTABLESTRING :ovd.internal.Example.com
303:d=2 hl=3 l= 159 cons: SEQUENCE
306:d=3 hl=2 l= 13 cons: SEQUENCE
308:d=4 hl=2 l= 9 prim: OBJECT :rsaEncryption
319:d=4 hl=2 l= 0 prim: NULL
321:d=3 hl=3 l= 141 prim: BIT STRING
465:d=2 hl=4 l= 816 cons: cont [ 3 ]
469:d=3 hl=4 l= 812 cons: SEQUENCE
473:d=4 hl=2 l= 29 cons: SEQUENCE
475:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Subject Key Identifier
480:d=5 hl=2 l= 22 prim: OCTET STRING [HEX DUMP]:0414D5FBEBB564FC0855035A02C36F05D3BE6AB6D990
504:d=4 hl=2 l= 31 cons: SEQUENCE
506:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Authority Key Identifier
511:d=5 hl=2 l= 24 prim: OCTET STRING [HEX DUMP]:30168014688A27CD6281B170FAC4A241E1F84927278B3A00
537:d=4 hl=4 l= 305 cons: SEQUENCE
541:d=5 hl=2 l= 3 prim: OBJECT :X509v3 CRL Distribution Points
546:d=5 hl=4 l= 296 prim: OCTET STRING [HEX DUMP]:
846:d=4 hl=4 l= 294 cons: SEQUENCE
850:d=5 hl=2 l= 8 prim: OBJECT :Authority Information Access
860:d=5 hl=4 l= 280 prim: OCTET STRING [HEX DUMP]:
1144:d=4 hl=2 l= 12 cons: SEQUENCE
1146:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Basic Constraints
1151:d=5 hl=2 l= 1 prim: BOOLEAN :255
1154:d=5 hl=2 l= 2 prim: OCTET STRING [HEX DUMP]:3000
1158:d=4 hl=2 l= 11 cons: SEQUENCE
1160:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Key Usage
1165:d=5 hl=2 l= 4 prim: OCTET STRING [HEX DUMP]:030205A0
1171:d=4 hl=2 l= 62 cons: SEQUENCE
1173:d=5 hl=2 l= 9 prim: OBJECT :1.3.6.1.4.1.311.21.7
1184:d=5 hl=2 l= 49 prim: OCTET STRING [HEX DUMP]:302F06272B0601040182371508AFAB1B85DD9D4F82E999398785C52C83F1EE
23778AC8DE812D86D8DA8E14020164020106
1235:d=4 hl=2 l= 19 cons: SEQUENCE
1237:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Extended Key Usage
1242:d=5 hl=2 l= 12 prim: OCTET STRING [HEX DUMP]:300A06082B06010505070301
1256:d=4 hl=2 l= 27 cons: SEQUENCE
1258:d=5 hl=2 l= 9 prim: OBJECT :1.3.6.1.4.1.311.21.10
1269:d=5 hl=2 l= 14 prim: OCTET STRING [HEX DUMP]:300C300A06082B06010505070301
1285:d=1 hl=2 l= 13 cons: SEQUENCE
1287:d=2 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption
1298:d=2 hl=2 l= 0 prim: NULL
1300:d=1 hl=4 l= 257 prim: BIT STRING
I can get 98% of what I need in one command, with my new tool
>getrootdse myORG.org 636 ssl
Performing a RootDSE search ...
supportedSASLMechanisms is GSSAPI
supportedSASLMechanisms is GSS-SPNEGO
supportedSASLMechanisms is EXTERNAL
supportedSASLMechanisms is DIGEST-MD5
defaultNamingContext is DC=myORG,DC=org
domainControllerFunctionality is 3
ldapServiceName is myORG.org:myDomcontr01$@myORG.ORG
supportedLDAPVersion is 3
supportedLDAPVersion is 2
dsServiceName is CN=NTDS Settings,CN=myDomcontr01,CN=Servers,CN=myORG-West,CN=Sites,CN=Configurati
on,DC=myORG,DC=org
subschemaSubentry is CN=Aggregate,CN=Schema,CN=Configuration,DC=myORG,DC=org
supportedLDAPPolicies is MaxPoolThreads
supportedLDAPPolicies is MaxDatagramRecv
supportedLDAPPolicies is MaxReceiveBuffer
supportedLDAPPolicies is InitRecvTimeout
supportedLDAPPolicies is MaxConnections
supportedLDAPPolicies is MaxConnIdleTime
supportedLDAPPolicies is MaxPageSize
supportedLDAPPolicies is MaxQueryDuration
supportedLDAPPolicies is MaxTempTableSize
supportedLDAPPolicies is MaxResultSetSize
supportedLDAPPolicies is MaxNotificationPerConn
supportedLDAPPolicies is MaxValRange
isSynchronized is TRUE
dnsHostName is myDomcontr01.myORG.org
supportedControl is 1.2.840.113556.1.4.319
supportedControl is 1.2.840.113556.1.4.801
supportedControl is 1.2.840.113556.1.4.473
supportedControl is 1.2.840.113556.1.4.528
supportedControl is 1.2.840.113556.1.4.417
supportedControl is 1.2.840.113556.1.4.619
supportedControl is 1.2.840.113556.1.4.841
supportedControl is 1.2.840.113556.1.4.529
supportedControl is 1.2.840.113556.1.4.805
supportedControl is 1.2.840.113556.1.4.521
supportedControl is 1.2.840.113556.1.4.970
supportedControl is 1.2.840.113556.1.4.1338
supportedControl is 1.2.840.113556.1.4.474
supportedControl is 1.2.840.113556.1.4.1339
supportedControl is 1.2.840.113556.1.4.1340
supportedControl is 1.2.840.113556.1.4.1413
supportedControl is 2.16.840.1.113730.3.4.9
supportedControl is 2.16.840.1.113730.3.4.10
supportedControl is 1.2.840.113556.1.4.1504
supportedControl is 1.2.840.113556.1.4.1852
supportedControl is 1.2.840.113556.1.4.802
supportedControl is 1.2.840.113556.1.4.1907
supportedControl is 1.2.840.113556.1.4.1948
supportedControl is 1.2.840.113556.1.4.1974
supportedControl is 1.2.840.113556.1.4.1341
supportedControl is 1.2.840.113556.1.4.2026
isGlobalCatalogReady is TRUE
forestFunctionality is 2
supportedCapabilities is 1.2.840.113556.1.4.800
supportedCapabilities is 1.2.840.113556.1.4.1670
supportedCapabilities is 1.2.840.113556.1.4.1791
supportedCapabilities is 1.2.840.113556.1.4.1935
highestCommittedUSN is 376377966
rootDomainNamingContext is DC=myORG,DC=org
schemaNamingContext is CN=Schema,CN=Configuration,DC=myORG,DC=org
namingContexts is DC=myORG,DC=org
namingContexts is CN=Configuration,DC=myORG,DC=org
namingContexts is CN=Schema,CN=Configuration,DC=myORG,DC=org
configurationNamingContext is CN=Configuration,DC=myORG,DC=org
serverName is CN=myDomcontr01,CN=Servers,CN=myORG-West,CN=Sites,CN=Configuration,DC=myORG,DC=org
currentTime is 20111123004547.0Z
domainFunctionality is 2
RootDSE search completed.
SSL for encryption is enabled
SSL information:
cipher strength: 128
exchange strength: 1024
protocol: Tls1Client
hash strength: 160
algorithm: Aes128
KeyExAlgo: 41984
The certificate did NOT validate correctly
The cert information is:
Subject: CN=myDomcontr01.myORG.org
Issuer: CN=myORG USA Issuer CA 06 v1, DC=myORG, DC=org
Expires: 8/21/2012 6:46:46 AM
Hash: 6D8F0501B7881A0DCCC84E1DCF4E1DF0646A4479
Public Key: 30818902818100C9D8ADE08D8CC893934C95AFF45DCFAB317B83CD0A93D659B181B8AB476D49954F94E2EE148C9A095C86592DCA458
B488DB3D5BDE5F14EAD3FBBB0D15A6DB1B48B587EB13984B15D27B2BEF4AF421BE8861B4A0C704A5510C5A2D431202675D65F9455573BDA2083D1DCD
6A2541FDA6CD6205FFACE670467366F9FC763B5C8B50203010001
Serial: 1BC1C68D000000005EC9
Here's the c# code
https://s3.amazonaws.com/markgamache/doWork.cs
the .NET 2.0 assembly.
https://s3.amazonaws.com/markgamache/GetRootDSE.exe
Enjoy.