disallow anonymous bind in openldap
Posted by shashank prasad on Server Fault
Published on 2011-06-28T18:14:57Z, indexed on 2012/07/01 3:17 UTC
Folks,
I have followed the instructions here http://tuxnetworks.blogspot.com/2010/06/howto-ldap-server-on-1004-lucid-lynx.html to set up my OpenLDAP and it's working just fine, except that an anonymous user can bind to my server and see the whole user/group structure. LDAP is running over SSL.
I have read online that I can add "disallow bind_anon" and "require authc" in the slapd.conf file and it will be disabled, but there is no slapd.conf file to begin with. Since this doesn't use slapd.conf for its configuration (as I understand it, OpenLDAP has moved to a cn=config setup), it won't read that file even if I create one. I have looked online without any luck.
I believe I need to change something in here:
olcAccess: to attrs=userPassword by dn="cn=admin,dc=tuxnetworks,dc=com" write by anonymous auth by self write by * none
olcAccess: to attrs=shadowLastChange by self write by * read
olcAccess: to dn.base="" by * read
olcAccess: to * by dn="cn=admin,dc=tuxnetworks,dc=com" write by * read
but I am not sure what. Any help is appreciated.
Thank you!
-shashank
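One way to make the slapd.conf-style "disallow bind_anon" / "require authc" change under cn=config, and to tighten the posted olcAccess rules so only authenticated users can read the tree. This is an added example, not from the question or any answer on the page; it assumes the Ubuntu 10.04 layout from the linked howto (data backend at olcDatabase={1}hdb,cn=config), that it runs as root over ldapi:/// with SASL EXTERNAL, and that the server is reachable as ldaps://localhost.

```shell
#!/bin/sh
# Added example (not from the original post). Assumed: Ubuntu 10.04-style
# cn=config, data backend olcDatabase={1}hdb,cn=config, run as root.
set -eu

# Global config entry: refuse anonymous binds and require authentication
# for every operation. These two attributes are the cn=config equivalents
# of "disallow bind_anon" and "require authc" in slapd.conf.
global_ldif() {
    cat <<'EOF'
dn: cn=config
changetype: modify
add: olcDisallows
olcDisallows: bind_anon
-
add: olcRequires
olcRequires: authc
EOF
}

# Database ACL: same four rules as posted, but the catch-all {3} rule now
# grants read to authenticated users only ("by users read") instead of
# everyone ("by * read"). The rootDSE rule {2} is kept as posted; with
# olcRequires: authc in place even that read needs a bind first.
access_ldif() {
    cat <<'EOF'
dn: olcDatabase={1}hdb,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to attrs=userPassword by dn="cn=admin,dc=tuxnetworks,dc=com" write by anonymous auth by self write by * none
olcAccess: {1}to attrs=shadowLastChange by self write by * read
olcAccess: {2}to dn.base="" by * read
olcAccess: {3}to * by dn="cn=admin,dc=tuxnetworks,dc=com" write by users read by * none
EOF
}

# Apply both changes through the local socket as root (SASL EXTERNAL).
apply_changes() {
    global_ldif | ldapmodify -Q -Y EXTERNAL -H ldapi:///
    access_ldif | ldapmodify -Q -Y EXTERNAL -H ldapi:///
}

# Check: an anonymous simple bind (-x with no -D) must now fail, so
# ldapsearch exits non-zero. Host name is an assumption.
anon_bind_rejected() {
    ! ldapsearch -x -H ldaps://localhost -b dc=tuxnetworks,dc=com -s base >/dev/null 2>&1
}

if [ "${1:-}" = "apply" ]; then apply_changes; fi
```

Run it with the argument "apply" to push the changes, then call anon_bind_rejected to confirm that an unauthenticated bind is refused; clients that previously searched anonymously (including any before a StartTLS or bind) will now need credentials.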
© Server Fault or respective owner