disable bind with blank password

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Radek Hladik wrote:
> nattapon viroonsri napsal(a):
>> Hi,
>>
>> Look like default fedora-ds policy is accept bind with blank password?
>> i have tested with
>> ldapsearch -x -D "uid=someone,ou=people,dc=example,dc=com" -w ""
>> get same result as use correct password
>>
>> if i use wrong password i wil get
>> ldap_bind: Invalid credentials (49)
>>
>> How can i disable bind with blank password  ?
>>
>> Thanks
>> Nattapon
>>
>> _________________________________________________________________
>> Express yourself instantly with MSN Messenger! Download today it's 
>> FREE! http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
>>
>> -- 
>> Fedora-directory-users mailing list
>> Fedora-directory-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
> I'm not FDS expert but as I have noticed FDS will log you anonymously 
> if you enter no password... Try to do some changes in FDS without 
> password (i.e. change office number of user you have specified to bind).
Note that this is LDAP standard behavior - BIND with empty password does 
an anonymous bind, even if a BIND DN was given.
> If you don't want this, you need to disable access for anonymous users.
Access control uses the special BIND subject ldap:///anyone to mean 
anonymous users.
> Feature to disable anonymous binding at all is in plan for future 
> versions. In actual version all you need/can to do, is disable ACI for 
> anonymous access. But be sure, that no other utility uses anonymous 
> access to LDAP as i.e. pam and nss does in default.
Yes, we will be adding some features to disallow anonymous binds to an 
upcoming version.
>
> Radek
>
> -- 
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3178 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.fedoraproject.org/pipermail/389-users/attachments/20061110/c9c91a52/attachment.bin
[Index of Archives]     [Fedora User Discussion]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux