disallow anonymous bind in openldap

Posted by shashank prasad on Server Fault See other posts from Server Fault or by shashank prasad
Published on 2011-06-28T18:14:57Z Indexed on 2012/07/01 3:17 UTC
Read the original article Hit count: 547

Filed under:

ldap

|

openldap

Folks,

I have followed the instructions here http://tuxnetworks.blogspot.com/2010/06/howto-ldap-server-on-1004-lucid-lynx.html to setup my OpenLdap and its working just fine, except an anonymous user can bind to my server and see the whole user/group structure. LDAP is running over SSL.

I have read online that i can add disallow bind_anon and require authc in the slapd.conf file and it will be disabled but there is no slapd.conf file to begin with and since this doesn't use slapd.conf for its configuration as i understand OpenLdap has moved to a cn=config setup so it wont read that file even if i create one. i have looked online without any luck.

I believe i need to change something in here

olcAccess: to attrs=userPassword by dn="cn=admin,dc=tuxnetworks,dc=com" write by anonymous auth by self write by * none
olcAccess: to attrs=shadowLastChange by self write by * read
olcAccess: to dn.base="" by * read
olcAccess: to * by dn="cn=admin,dc=tuxnetworks,dc=com" write by * read

but i am not sure what. Any help is appreciated.

Thank you!

-shashank

© Server Fault or respective owner

Related posts about ldap

NetApp FAS 2040 LDAP Win2k8R2

as seen on Server Fault - Search for 'Server Fault'
I am trying to get my FAS2040 to action user lookups using LDAP, below is the filer configuration options: filer> options ldap ldap.ADdomain dc1.colour.domain.local ldap.base OU=Users,OU=something1,OU=something2,OU=darkside,DC=colour,DC=domain,DC=local ldap.base… >>> More
Ubuntu 12.04 Preseed LDAP Config

as seen on Server Fault - Search for 'Server Fault'
I'm trying to deploy Ubuntu 12.04 via xCAT, everything works except the automatic configuration of LDAP, the preseed file is read but the file /etc/nsswitch is not written properly. My Preseed File: [...] ### LDAP Setup nslcd nslcd/ldap-bindpw password ldap-auth-config ldap-auth-config/bindpw password ldap-auth-config… >>> More
NetApp FAS 2040 LDAP Win2k8R2

as seen on Server Fault - Search for 'Server Fault'
I am trying to get my FAS2040 to action user lookups using LDAP, below is the filer configuration options: filer> options ldap ldap.ADdomain dc1.colour.domain.local ldap.base OU=Users,OU=something1,OU=something2,OU=darkside,DC=colour,DC=domain,DC=local ldap.base… >>> More
Apache+LDAP auth on Ubuntu says "Can't contact LDAP server" while ldapsearch is perfect

as seen on Server Fault - Search for 'Server Fault'
Hi Gurus, I'm migrating from an existing apache+LDAP+mysql+php server to a new hardware platform. Old server is running Debian Lenny, which I have no config documentation available (was done by previous sysadmin); New server is running Ubuntu 10.04.2 LTS 32bit. After installing Apache and configured… >>> More
Spring security ldap: no declaration can be found for element 'ldap-authentication-provider'

as seen on Stack Overflow - Search for 'Stack Overflow'
Following the spring-security documentation: http://static.springsource.org/spring-security/site/docs/3.0.x/reference/ldap.html I am trying to set up ldap authentication (very simple - just need to know if a user is authenticated or not, no authorities mapping needed) and have put this in my applicationContext-security… >>> More

Related posts about openldap

Can't install new database in OpenLDAP 2.4 with BDB on Debian

as seen on Server Fault - Search for 'Server Fault'
I'm trying to install an openldap server (slapd) on a Debian EC2 instance. I have followed all the instructions I can find, and am using the recommended slapd-config approach to configuration. It all seems to be just fine, except that for some reason it can't create my new database. ldap.conf.bak… >>> More
Installing openLDAP

as seen on Server Fault - Search for 'Server Fault'
I have followed installing openLDAP from http://www.openldap.org/doc/admin24/quickstart.html and follow the tasks up to # 9. when I run [ su root -c /usr/local/libexec/slapd ] it asks for password and after I type the password no indication of if server has been started or not. When I run [ ldapsearch… >>> More
Create Active Directory schema into OpenLDAP

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi Friends, I need to store Active Directory Data into OpenLDAP and for that I want to create the Active Directory schema into OpenLDAP. How to do it? >>> More
OpenLDAP on windows

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi Friends, I am looking for some way of implementing OpenLDAP on WindowsXP. Is this possible? If Yes thn please tell me how? >>> More
OpenLDAP and user role based accedss controll (RBAC)

as seen on Stack Overflow - Search for 'Stack Overflow'
Hello, my company uses an openldap server which stores corporate user information ((username,passwd and some other information like email are stored in ldap).. Till now they only use it for authentication but now we'd like to use for authentication also, this means that we'll create roles (as ldap… >>> More