[Fedora-directory-users] disable anonymous binding
Ankur Agarwal
ankur_agwal at yahoo.com
Tue May 15 05:36:38 UTC 2007
Create an ldif file like this:
===============
dn:dc=example,dc=com
changetype: modify
replace: aci
aci: (target ="ldap:///dc=example,dc=com")(targetattr="*")(version 3.0; acl "Deny anonymous access"; deny (read, search, compare) userdn="ldap:///anyone";)
===============
Then run ldapmodify command:
./ldapmodify -h <HostName> -p <Port> -D "cn=Directory Manager" -w <Directory Manager password> -cvf <path to ldif file>
This should disable anonymous binding.
Cheers,
Ankur
Tony <pthagonal at gmail.com> wrote:
Hi,
I'm very new to FDS, but I have succeeeded in getting it up and
running on top of CentOS 4.4, and have populated it with a basic list
of users and their details. I've even got SSL working properly. Now
I'd like to open port 636 to the outside world to let my users see the
address list etc while they are outside the LAN. However I don't want
anyone to bind anonymously to then pull out all the staff details -
emails, phone numbers etc - so I'd like to prevent anonymous binds and
make sure that all users authenticate before being allowed to access
the data.
Could some kind person point me at the docs/info in order to do that?
I did find the "Require Client Authentication" check box but I believe
that is something else - or am I wrong?
--
Cheers,
Tony
--
Fedora-directory-users mailing list
Fedora-directory-users at redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users
---------------------------------
Yahoo! oneSearch: Finally, mobile search that gives answers, not web links.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/fedora-directory-users/attachments/20070514/94bbee29/attachment.htm>
More information about the Fedora-directory-users
mailing list