Please correct me if I'm wrong. I thought the easiest way to disable anonymous access is to remove the default anonymous access ACI or modify the ACI from "ldap:///anyone"; to "ldap:///all"; so that only authenticated user can access to the directory. - David On Jan 24, 2008 10:03 AM, Ivan Ferreira <iferreir at personal.com.py> wrote: > One way will be by modifying the ACIs to do not allow anonymous read > access > to attributes. > > Not sure if there is an "easy way" to disable anonymous access to the > directory in the Console. > > > > > > > > Para > "General discussion list for the > Fedora Directory server > "mallapadi niranjan" project." > <niranjan.ashok at gmail.co <fedora-directory-users at redhat.c > m> om> > Enviado por: cc > fedora-directory-users-b > ounces at redhat.com Asunto > Re: [Fedora-directory-users] > 24/01/2008 11:57 a.m. Authenticate before querying > ldap. > Clasificaci?n > Uso Interno > Por favor, responda a > "General discussion list > for the Fedora Directory > server project." > <fedora-directory-users@ > redhat.com> > > > > > > > > > On Jan 24, 2008 4:37 PM, <shivaraj.shivanna at wipro.com> wrote: > Hi, > Our organization has an AD server running which requires you to bind > to it first before querying the server. > > For example commands like > ldapsearch -x -h "some ip" "(cn=abcd)" -b "some base" would fail > with LdapErr: DSID-0C090627, comment: In order to perform this > operation a successful bind must be completed on the connection. > but commands like > ldapsearch -x -h "some ip" "(cn=abcd)" -b "some base" -D "some > user dn" -W would work on entering correct password. > > How can we replicate this behavior with the fedora directory server ? > > through access control lists, you can disable anonymous access and > specify > authorization > > You can refer the below > > http://www.redhat.com/docs/manuals/dir-server/ag/8.0/Managing_Access_Control-Default_ACIs.html > > > http://www.redhat.com/docs/manuals/dir-server/ag/8.0/Managing_Access_Control-Access_Control_Usage_Examples.html > > > > > Regards, > Shivraj > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users > > > > ======================================================================================== > AVISO LEGAL: Esta informaci?n es privada y confidencial y est? dirigida > ?nicamente a su destinatario. Si usted no es el destinatario original de > este mensaje y por este medio pudo acceder a dicha informaci?n por favor > elimine el mensaje. La distribuci?n o copia de este mensaje est? > estrictamente prohibida. Esta comunicaci?n es s?lo para prop?sitos de > informaci?n y no debe ser considerada como propuesta, aceptaci?n ni como > una declaraci?n de voluntad oficial de NUCLEO S.A. La transmisi?n de > e-mails no garantiza que el correo electr?nico sea seguro o libre de > error. > Por consiguiente, no manifestamos que esta informaci?n sea completa o > precisa. Toda informaci?n est? sujeta a alterarse sin previo aviso. > > This information is private and confidential and intended for the > recipient only. If you are not the intended recipient of this message you > are hereby notified that any review, dissemination, distribution or > copying of this message is strictly prohibited. This communication is for > information purposes only and shall not be regarded neither as a proposal, > acceptance nor as a statement of will or official statement from NUCLEO > S.A. . Email transmission cannot be guaranteed to be secure or error-free. > Therefore, we do not represent that this information is complete or > accurate and it should not be relied upon as such. All information is > subject to change without notice. > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.fedoraproject.org/pipermail/389-users/attachments/20080124/c75be6bd/attachment.html
