One way will be by modifying the ACIs to do not allow anonymous read access
to attributes.
Not sure if there is an "easy way" to disable anonymous access to the
directory in the Console.
Para
"General discussion list for the
Fedora Directory server
"mallapadi niranjan" project."
<niranjan.ashok at gmail.co <fedora-directory-users at redhat.c
m> om>
Enviado por: cc
fedora-directory-users-b
ounces at redhat.com Asunto
Re:
24/01/2008 11:57 a.m. Authenticate before querying
ldap.
Clasificaci?n
Uso Interno
Por favor, responda a
"General discussion list
for the Fedora Directory
server project."
<fedora-directory-users@
redhat.com>
On Jan 24, 2008 4:37 PM, <shivaraj.shivanna at wipro.com> wrote:
Hi,
Our organization has an AD server running which requires you to bind
to it first before querying the server.
For example commands like
ldapsearch -x -h "some ip" "(cn=abcd)" -b "some base" would fail
with LdapErr: DSID-0C090627, comment: In order to perform this
operation a successful bind must be completed on the connection.
but commands like
ldapsearch -x -h "some ip" "(cn=abcd)" -b "some base" -D "some
user dn" -W would work on entering correct password.
How can we replicate this behavior with the fedora directory server ?
through access control lists, you can disable anonymous access and specify
authorization
You can refer the below
http://www.redhat.com/docs/manuals/dir-server/ag/8.0/Managing_Access_Control-Default_ACIs.html
http://www.redhat.com/docs/manuals/dir-server/ag/8.0/Managing_Access_Control-Access_Control_Usage_Examples.html
Regards,
Shivraj
--
Fedora-directory-users mailing list
Fedora-directory-users at redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users
--
Fedora-directory-users mailing list
Fedora-directory-users at redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users
========================================================================================
AVISO LEGAL: Esta informaci?n es privada y confidencial y est? dirigida
?nicamente a su destinatario. Si usted no es el destinatario original de
este mensaje y por este medio pudo acceder a dicha informaci?n por favor
elimine el mensaje. La distribuci?n o copia de este mensaje est?
estrictamente prohibida. Esta comunicaci?n es s?lo para prop?sitos de
informaci?n y no debe ser considerada como propuesta, aceptaci?n ni como
una declaraci?n de voluntad oficial de NUCLEO S.A. La transmisi?n de
e-mails no garantiza que el correo electr?nico sea seguro o libre de error.
Por consiguiente, no manifestamos que esta informaci?n sea completa o
precisa. Toda informaci?n est? sujeta a alterarse sin previo aviso.
This information is private and confidential and intended for the
recipient only. If you are not the intended recipient of this message you
are hereby notified that any review, dissemination, distribution or
copying of this message is strictly prohibited. This communication is for
information purposes only and shall not be regarded neither as a proposal,
acceptance nor as a statement of will or official statement from NUCLEO
S.A. . Email transmission cannot be guaranteed to be secure or error-free.
Therefore, we do not represent that this information is complete or
accurate and it should not be relied upon as such. All information is
subject to change without notice.
