Please correct me if I'm wrong. I thought the easiest way to disable anonymous access is to remove the default anonymous access ACI or modify the ACI from "ldap:///anyone" to "ldap:///all" so that only authenticated user can access to the directory.
<br><br>- David<br><br><div class="gmail_quote">On Jan 24, 2008 10:03 AM, Ivan Ferreira <<a href="mailto:iferreir@personal.com.py">iferreir@personal.com.py</a>> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
One way will be by modifying the ACIs to do not allow anonymous read access<br>to attributes.<br><br>Not sure if there is an "easy way" to disable anonymous access to the<br>directory in the Console.<br><br><br>
<br><br><br><br><br> Para<br> "General discussion list for the<br> Fedora Directory server
<br> "mallapadi niranjan" project."<br> <<a href="mailto:niranjan.ashok@gmail.co">niranjan.ashok@gmail.co</a> <<a href="mailto:fedora-directory-users@redhat.c">fedora-directory-users@redhat.c
</a><br> m> om><br> Enviado por: cc<br> fedora-directory-users-b<br> <a href="mailto:ounces@redhat.com">ounces@redhat.com
</a> Asunto<br> Re: [Fedora-directory-users]<br> 24/01/2008 11:57 a.m. Authenticate before querying<br> ldap.
<br> Clasificación<br> Uso Interno<br> Por favor, responda a<br> "General discussion list<br> for the Fedora Directory
<br> server project."<br> <fedora-directory-users@<br> <a href="http://redhat.com" target="_blank">redhat.com</a>><br><div><div></div><div class="Wj3C7c"><br><br><br><br><br><br><br>
<br>On Jan 24, 2008 4:37 PM, <<a href="mailto:shivaraj.shivanna@wipro.com">shivaraj.shivanna@wipro.com</a>> wrote:<br> Hi,<br> Our organization has an AD server running which requires you to bind<br> to it first before querying the server.
<br><br> For example commands like<br> ldapsearch -x -h "some ip" "(cn=abcd)" -b "some base" would fail<br> with LdapErr: DSID-0C090627, comment: In order to perform this<br>
operation a successful bind must be completed on the connection.<br> but commands like<br> ldapsearch -x -h "some ip" "(cn=abcd)" -b "some base" -D "some<br> user dn" -W would work on entering correct password.
<br><br> How can we replicate this behavior with the fedora directory server ?<br><br>through access control lists, you can disable anonymous access and specify<br>authorization<br><br>You can refer the below<br><a href="http://www.redhat.com/docs/manuals/dir-server/ag/8.0/Managing_Access_Control-Default_ACIs.html" target="_blank">
http://www.redhat.com/docs/manuals/dir-server/ag/8.0/Managing_Access_Control-Default_ACIs.html</a><br><br><a href="http://www.redhat.com/docs/manuals/dir-server/ag/8.0/Managing_Access_Control-Access_Control_Usage_Examples.html" target="_blank">
http://www.redhat.com/docs/manuals/dir-server/ag/8.0/Managing_Access_Control-Access_Control_Usage_Examples.html</a><br><br><br><br><br> Regards,<br> Shivraj<br><br> --<br> Fedora-directory-users mailing list
<br> <a href="mailto:Fedora-directory-users@redhat.com">Fedora-directory-users@redhat.com</a><br> <a href="https://www.redhat.com/mailman/listinfo/fedora-directory-users" target="_blank">https://www.redhat.com/mailman/listinfo/fedora-directory-users
</a><br><br>--<br>Fedora-directory-users mailing list<br><a href="mailto:Fedora-directory-users@redhat.com">Fedora-directory-users@redhat.com</a><br><a href="https://www.redhat.com/mailman/listinfo/fedora-directory-users" target="_blank">
https://www.redhat.com/mailman/listinfo/fedora-directory-users</a><br><br><br></div></div>========================================================================================<br>AVISO LEGAL: Esta información es privada y confidencial y está dirigida
<br>únicamente a su destinatario. Si usted no es el destinatario original de<br>este mensaje y por este medio pudo acceder a dicha información por favor<br>elimine el mensaje. La distribución o copia de este mensaje está
<br>estrictamente prohibida. Esta comunicación es sólo para propósitos de<br>información y no debe ser considerada como propuesta, aceptación ni como<br>una declaración de voluntad oficial de NUCLEO S.A. La transmisión de
<br>e-mails no garantiza que el correo electrónico sea seguro o libre de error.<br>Por consiguiente, no manifestamos que esta información sea completa o<br>precisa. Toda información está sujeta a alterarse sin previo aviso.
<br><br> This information is private and confidential and intended for the<br>recipient only. If you are not the intended recipient of this message you<br>are hereby notified that any review, dissemination, distribution or
<br>copying of this message is strictly prohibited. This communication is for<br>information purposes only and shall not be regarded neither as a proposal,<br>acceptance nor as a statement of will or official statement from NUCLEO
<br>S.A. . Email transmission cannot be guaranteed to be secure or error-free.<br>Therefore, we do not represent that this information is complete or<br>accurate and it should not be relied upon as such. All information is
<br>subject to change without notice.<br><div><div></div><div class="Wj3C7c"><br>--<br>Fedora-directory-users mailing list<br><a href="mailto:Fedora-directory-users@redhat.com">Fedora-directory-users@redhat.com</a><br><a href="https://www.redhat.com/mailman/listinfo/fedora-directory-users" target="_blank">
https://www.redhat.com/mailman/listinfo/fedora-directory-users</a><br></div></div></blockquote></div><br>