Radek Hladik wrote:
> nattapon viroonsri wrote:
>> Hi,
>>
>> Looks like the default fedora-ds policy is to accept a bind with a blank password?
>> I have tested with
>> ldapsearch -x -D "uid=someone,ou=people,dc=example,dc=com" -w ""
>> and get the same result as with the correct password
>>
>> If I use a wrong password I will get
>> ldap_bind: Invalid credentials (49)
>>
>> How can I disable bind with blank password?
>>
>> Thanks
>> Nattapon
>>
>> --
>> Fedora-directory-users mailing list
>> Fedora-directory-users redhat.com
>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
> I'm not an FDS expert but as I have noticed FDS will log you in anonymously
> if you enter no password... Try to do some changes in FDS without
> password (i.e. change office number of user you have specified to bind).
Note that this is LDAP standard behavior - BIND with empty password does
an anonymous bind, even if a BIND DN was given.
> If you don't want this, you need to disable access for anonymous users.
Access control uses the special BIND subject ldap:///anyone to mean
anonymous users.
> Feature to disable anonymous binding at all is in plan for future
> versions. In actual version all you need/can to do, is disable ACI for
> anonymous access. But be sure, that no other utility uses anonymous
> access to LDAP as i.e. pam and nss does in default.
Yes, we will be adding some features to disallow anonymous binds to an
upcoming version.
>
> Radek
>
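Added example, not part of the original thread or of Fedora DS: because a bind with a DN and an empty password succeeds as anonymous, an application that uses a simple bind to check a login has to reject empty passwords itself. `StubDirectory`, `naive_login` and `safe_login` are hypothetical names, the credentials are constructed, and the `dn:` identity string is an assumed format; only the empty-password behaviour and result code 49 come from the thread.

```python
# Added example: an in-memory stub modelling the bind behaviour described in the thread.
SUCCESS = 0
INVALID_CREDENTIALS = 49  # result code quoted in the thread


class StubDirectory:
    """Stand-in for an LDAP server, holding constructed DN -> password data."""

    def __init__(self, users):
        self._users = users

    def simple_bind(self, dn, password):
        """Return (result_code, authorization_identity)."""
        if password == "":
            # Empty password: anonymous bind, even though a bind DN was given.
            return SUCCESS, ""
        if self._users.get(dn) == password:
            return SUCCESS, "dn:" + dn
        return INVALID_CREDENTIALS, None


def naive_login(directory, dn, password):
    """Flawed check: treats any successful bind as proof of identity."""
    code, _ = directory.simple_bind(dn, password)
    return code == SUCCESS


def safe_login(directory, dn, password):
    """Refuse empty credentials, then confirm the session is bound as the DN."""
    if not dn or not password:
        return False  # never send a bind the server would treat as anonymous
    code, authzid = directory.simple_bind(dn, password)
    # Defence in depth: an anonymous session has an empty authorization identity.
    # A real client would normalise both DNs before comparing them.
    return code == SUCCESS and authzid == "dn:" + dn


DN = "uid=someone,ou=people,dc=example,dc=com"
directory = StubDirectory({DN: "correct-password"})  # constructed credentials

if __name__ == "__main__":
    for pw in ("correct-password", "wrong", ""):
        print(repr(pw), naive_login(directory, DN, pw), safe_login(directory, DN, pw))
```

The same guard belongs in any PAM module, web login or proxy that authenticates users by binding on their behalf.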