[Fedora-directory-users] Authenticate before querying ldap.
Rich Megginson
rmeggins at redhat.com
Thu Jan 24 21:36:22 UTC 2008
Chun Tat David Chu wrote:
> Please correct me if I'm wrong. I thought the easiest way to disable
> anonymous access is to remove the default anonymous access ACI or
> modify the ACI from "ldap:///anyone" to "ldap:///all" so that only
> authenticated user can access to the directory.
Yes, that will disallow anonymous from being able to search. But there
is no way to completely disallow anonymous bind in the manner that AD does.
>
> - David
>
> On Jan 24, 2008 10:03 AM, Ivan Ferreira <iferreir at personal.com.py
> <mailto:iferreir at personal.com.py>> wrote:
>
> One way will be by modifying the ACIs to do not allow anonymous
> read access
> to attributes.
>
> Not sure if there is an "easy way" to disable anonymous access to the
> directory in the Console.
>
>
>
>
>
>
>
>
> Para
> "General discussion list
> for the
> Fedora Directory server
> "mallapadi niranjan" project."
> <niranjan.ashok at gmail.co <mailto:niranjan.ashok at gmail.co>
> <fedora-directory-users at redhat.c
> <mailto:fedora-directory-users at redhat.c>
> m> om>
> Enviado por:
> cc
> fedora-directory-users-b
> ounces at redhat.com <mailto:ounces at redhat.com>
> Asunto
> Re: [Fedora-directory-users]
> 24/01/2008 11:57 a.m. Authenticate before querying
> ldap.
>
> Clasificación
> Uso Interno
> Por favor, responda a
> "General discussion list
> for the Fedora Directory
> server project."
> <fedora-directory-users@
> redhat.com <http://redhat.com>>
>
>
>
>
>
>
>
>
> On Jan 24, 2008 4:37 PM, <shivaraj.shivanna at wipro.com
> <mailto:shivaraj.shivanna at wipro.com>> wrote:
> Hi,
> Our organization has an AD server running which requires you
> to bind
> to it first before querying the server.
>
> For example commands like
> ldapsearch -x -h "some ip" "(cn=abcd)" -b "some base"
> would fail
> with LdapErr: DSID-0C090627, comment: In order to perform this
> operation a successful bind must be completed on the connection.
> but commands like
> ldapsearch -x -h "some ip" "(cn=abcd)" -b "some base" -D
> "some
> user dn" -W would work on entering correct password.
>
> How can we replicate this behavior with the fedora directory
> server ?
>
> through access control lists, you can disable anonymous access
> and specify
> authorization
>
> You can refer the below
> http://www.redhat.com/docs/manuals/dir-server/ag/8.0/Managing_Access_Control-Default_ACIs.html
>
> http://www.redhat.com/docs/manuals/dir-server/ag/8.0/Managing_Access_Control-Access_Control_Usage_Examples.html
>
>
>
>
> Regards,
> Shivraj
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> <mailto:Fedora-directory-users at redhat.com>
>
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
> <https://www.redhat.com/mailman/listinfo/fedora-directory-users>
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> <mailto:Fedora-directory-users at redhat.com>
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
>
> ========================================================================================
> AVISO LEGAL: Esta información es privada y confidencial y está
> dirigida
> únicamente a su destinatario. Si usted no es el destinatario
> original de
> este mensaje y por este medio pudo acceder a dicha información
> por favor
> elimine el mensaje. La distribución o copia de este mensaje está
> estrictamente prohibida. Esta comunicación es sólo para propósitos de
> información y no debe ser considerada como propuesta, aceptación
> ni como
> una declaración de voluntad oficial de NUCLEO S.A. La transmisión de
> e-mails no garantiza que el correo electrónico sea seguro o libre
> de error.
> Por consiguiente, no manifestamos que esta información sea completa o
> precisa. Toda información está sujeta a alterarse sin previo aviso.
>
> This information is private and confidential and intended for the
> recipient only. If you are not the intended recipient of this
> message you
> are hereby notified that any review, dissemination, distribution or
> copying of this message is strictly prohibited. This communication
> is for
> information purposes only and shall not be regarded neither as a
> proposal,
> acceptance nor as a statement of will or official statement from
> NUCLEO
> S.A. . Email transmission cannot be guaranteed to be secure or
> error-free.
> Therefore, we do not represent that this information is complete or
> accurate and it should not be relied upon as such. All information is
> subject to change without notice.
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> <mailto:Fedora-directory-users at redhat.com>
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
>
> ------------------------------------------------------------------------
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3245 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/fedora-directory-users/attachments/20080124/ab309ee5/attachment.bin>
More information about the Fedora-directory-users
mailing list