[Fedora-directory-users] Authenticate before querying ldap.

Chun Tat David Chu beyonddc.storage at gmail.com
Thu Jan 24 21:33:39 UTC 2008 

Please correct me if I'm wrong.  I thought the easiest way to disable
anonymous access is to remove the default anonymous access ACI or modify the
ACI from "ldap:///anyone" to "ldap:///all" so that only authenticated user
can access to the directory.

- David

On Jan 24, 2008 10:03 AM, Ivan Ferreira <iferreir at personal.com.py> wrote:

> One way will be by modifying the ACIs to do not allow anonymous read
> access
> to attributes.
>
> Not sure if there is an "easy way" to disable anonymous access to the
> directory in the Console.
>
>
>
>
>
>
>
>                                                                      Para
>                                          "General discussion list for the
>                                          Fedora Directory server
>       "mallapadi niranjan"               project."
>       <niranjan.ashok at gmail.co           <fedora-directory-users at redhat.c
>       m>                                 om>
>       Enviado por:                                                     cc
>       fedora-directory-users-b
>       ounces at redhat.com                                            Asunto
>                                          Re: [Fedora-directory-users]
>       24/01/2008 11:57 a.m.              Authenticate before querying
>                                          ldap.
>                                                             Clasificación
>                                         Uso Interno
>        Por favor, responda a
>       "General discussion list
>       for the Fedora Directory
>           server project."
>       <fedora-directory-users@
>             redhat.com>
>
>
>
>
>
>
>
>
> On Jan 24, 2008 4:37 PM, <shivaraj.shivanna at wipro.com> wrote:
>      Hi,
>      Our organization has an AD server running which requires you to bind
>      to it first before querying the server.
>
>      For example commands like
>          ldapsearch -x -h "some ip" "(cn=abcd)" -b "some base" would fail
>      with LdapErr: DSID-0C090627, comment: In order to perform this
>      operation a successful bind must be completed on the connection.
>      but commands like
>          ldapsearch -x -h "some ip" "(cn=abcd)" -b "some base"  -D "some
>      user dn" -W  would work on entering correct password.
>
>      How can we replicate this behavior with the fedora directory server ?
>
> through access control lists,  you can disable anonymous access and
> specify
> authorization
>
> You can refer the below
>
> http://www.redhat.com/docs/manuals/dir-server/ag/8.0/Managing_Access_Control-Default_ACIs.html
>
>
> http://www.redhat.com/docs/manuals/dir-server/ag/8.0/Managing_Access_Control-Access_Control_Usage_Examples.html
>
>
>
>
>      Regards,
>      Shivraj
>
>      --
>      Fedora-directory-users mailing list
>      Fedora-directory-users at redhat.com
>      https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
>
>
> ========================================================================================
> AVISO LEGAL: Esta información es privada y confidencial y está dirigida
> únicamente a su destinatario. Si usted no es el destinatario original de
> este mensaje y por este medio pudo  acceder a dicha información por favor
> elimine el mensaje. La distribución o copia de este mensaje está
> estrictamente prohibida. Esta comunicación es sólo para  propósitos de
> información y no debe ser considerada como propuesta, aceptación ni como
> una declaración de voluntad oficial de NUCLEO S.A.  La transmisión de
> e-mails no garantiza que el correo electrónico sea seguro o libre de
> error.
> Por consiguiente, no manifestamos que esta información sea completa o
> precisa.  Toda información está sujeta a alterarse sin previo aviso.
>
>  This information is private and confidential and intended for the
> recipient only. If you are not the intended recipient of this message you
> are hereby notified that any review,  dissemination, distribution or
> copying of this message is strictly prohibited. This communication is for
> information purposes only and shall not be regarded neither as a proposal,
> acceptance nor as a statement of will or official statement from NUCLEO
> S.A. . Email transmission cannot be guaranteed to be secure or error-free.
> Therefore,  we do not represent that this information is complete or
> accurate and it should not be relied upon as such. All information is
> subject to change without notice.
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/fedora-directory-users/attachments/20080124/c75be6bd/attachment.htm>

More information about the Fedora-directory-users mailing list