Chun Tat David Chu wrote: > Please correct me if I'm wrong. I thought the easiest way to disable > anonymous access is to remove the default anonymous access ACI or > modify the ACI from "ldap:///anyone"; to "ldap:///all"; so that only > authenticated user can access to the directory. Yes, that will disallow anonymous from being able to search. But there is no way to completely disallow anonymous bind in the manner that AD does. > > - David > > On Jan 24, 2008 10:03 AM, Ivan Ferreira <iferreir at personal.com.py > <mailto:iferreir at personal.com.py>> wrote: > > One way will be by modifying the ACIs to do not allow anonymous > read access > to attributes. > > Not sure if there is an "easy way" to disable anonymous access to the > directory in the Console. > > > > > > > > > Para > "General discussion list > for the > Fedora Directory server > "mallapadi niranjan" project." > <niranjan.ashok at gmail.co <mailto:niranjan.ashok at gmail.co> > <fedora-directory-users at redhat.c > <mailto:fedora-directory-users at redhat.c> > m> om> > Enviado por: > cc > fedora-directory-users-b > ounces at redhat.com <mailto:ounces at redhat.com> > Asunto > Re: [Fedora-directory-users] > 24/01/2008 11:57 a.m. Authenticate before querying > ldap. > > Clasificaci?n > Uso Interno > Por favor, responda a > "General discussion list > for the Fedora Directory > server project." > <fedora-directory-users@ > redhat.com <http://redhat.com>> > > > > > > > > > On Jan 24, 2008 4:37 PM, <shivaraj.shivanna at wipro.com > <mailto:shivaraj.shivanna at wipro.com>> wrote: > Hi, > Our organization has an AD server running which requires you > to bind > to it first before querying the server. > > For example commands like > ldapsearch -x -h "some ip" "(cn=abcd)" -b "some base" > would fail > with LdapErr: DSID-0C090627, comment: In order to perform this > operation a successful bind must be completed on the connection. > but commands like > ldapsearch -x -h "some ip" "(cn=abcd)" -b "some base" -D > "some > user dn" -W would work on entering correct password. > > How can we replicate this behavior with the fedora directory > server ? > > through access control lists, you can disable anonymous access > and specify > authorization > > You can refer the below > http://www.redhat.com/docs/manuals/dir-server/ag/8.0/Managing_Access_Control-Default_ACIs.html > > http://www.redhat.com/docs/manuals/dir-server/ag/8.0/Managing_Access_Control-Access_Control_Usage_Examples.html > > > > > Regards, > Shivraj > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > <mailto:Fedora-directory-users at redhat.com> > > https://www.redhat.com/mailman/listinfo/fedora-directory-users > <https://www.redhat.com/mailman/listinfo/fedora-directory-users> > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > <mailto:Fedora-directory-users at redhat.com> > https://www.redhat.com/mailman/listinfo/fedora-directory-users > > > ======================================================================================== > AVISO LEGAL: Esta informaci?n es privada y confidencial y est? > dirigida > ?nicamente a su destinatario. Si usted no es el destinatario > original de > este mensaje y por este medio pudo acceder a dicha informaci?n > por favor > elimine el mensaje. La distribuci?n o copia de este mensaje est? > estrictamente prohibida. Esta comunicaci?n es s?lo para prop?sitos de > informaci?n y no debe ser considerada como propuesta, aceptaci?n > ni como > una declaraci?n de voluntad oficial de NUCLEO S.A. La transmisi?n de > e-mails no garantiza que el correo electr?nico sea seguro o libre > de error. > Por consiguiente, no manifestamos que esta informaci?n sea completa o > precisa. Toda informaci?n est? sujeta a alterarse sin previo aviso. > > This information is private and confidential and intended for the > recipient only. If you are not the intended recipient of this > message you > are hereby notified that any review, dissemination, distribution or > copying of this message is strictly prohibited. This communication > is for > information purposes only and shall not be regarded neither as a > proposal, > acceptance nor as a statement of will or official statement from > NUCLEO > S.A. . Email transmission cannot be guaranteed to be secure or > error-free. > Therefore, we do not represent that this information is complete or > accurate and it should not be relied upon as such. All information is > subject to change without notice. > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > <mailto:Fedora-directory-users at redhat.com> > https://www.redhat.com/mailman/listinfo/fedora-directory-users > > > ------------------------------------------------------------------------ > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3245 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.fedoraproject.org/pipermail/389-users/attachments/20080124/ab309ee5/attachment.bin
