[Fedora-directory-users] disable bind with blank password
Richard Megginson
rmeggins at redhat.com
Fri Nov 10 14:24:57 UTC 2006
Radek Hladik wrote:
> nattapon viroonsri napsal(a):
>> Hi,
>>
>> Look like default fedora-ds policy is accept bind with blank password?
>> i have tested with
>> ldapsearch -x -D "uid=someone,ou=people,dc=example,dc=com" -w ""
>> get same result as use correct password
>>
>> if i use wrong password i wil get
>> ldap_bind: Invalid credentials (49)
>>
>> How can i disable bind with blank password ?
>>
>> Thanks
>> Nattapon
>>
>> _________________________________________________________________
>> Express yourself instantly with MSN Messenger! Download today it's
>> FREE! http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
>>
>> --
>> Fedora-directory-users mailing list
>> Fedora-directory-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
> I'm not FDS expert but as I have noticed FDS will log you anonymously
> if you enter no password... Try to do some changes in FDS without
> password (i.e. change office number of user you have specified to bind).
Note that this is LDAP standard behavior - BIND with empty password does
an anonymous bind, even if a BIND DN was given.
> If you don't want this, you need to disable access for anonymous users.
Access control uses the special BIND subject ldap:///anyone to mean
anonymous users.
> Feature to disable anonymous binding at all is in plan for future
> versions. In actual version all you need/can to do, is disable ACI for
> anonymous access. But be sure, that no other utility uses anonymous
> access to LDAP as i.e. pam and nss does in default.
Yes, we will be adding some features to disallow anonymous binds to an
upcoming version.
>
> Radek
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3178 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/fedora-directory-users/attachments/20061110/c9c91a52/attachment.bin>
More information about the Fedora-directory-users
mailing list