On 6/4/05, Dave Coyle [contractor] <dave.coyle@xxxxxxxxxxxx> wrote: > The Wishlist page [ http://directory.fedora.redhat.com/wiki/Wishlist ] lists > 'option to disable anonymous binds' as a desired feature, but one can > already do this via ACIs, e.g.: > > aci: (targetattr="*")(version 3.0; acl "deny anonymous access by default"; > deny (all) userdn="ldap:///anyone";;) > > Would this provide what was desired, or is there more to the feature > request? This should also work. However, you should be careful where you apply this ACI: for example, applying it at the top of the DIT won't allow you to allow anonymous access to some other parts of the tree (since the ACI is an explicit deny).
