Adams Samuel D Contr AFRL/HEDR wrote:
I also have two medium vulnerabilities the keep popping up with ISS that I need to resolve but can't seem to find the proper configuration in theadmin console." LDAP NullBind: LDAP anonymous access to directory
...
In addition to the other posters comments I would point out that with zero access control configured in the DS nobody but the directory manager can do anything - zero access by default. The best method of securing the server is to start with that blank sheet and selectively enable targeted operations for targeted users/groups on targeted sets of entries. For example, your requirement is that pam operates: add the aci that makes that happen and no more. The default aci's added on install should be treated as examples only that just happen to be suitable for casual evaluation." LDAP Schema: LDAP schema information gathering
Most deployments can get away with very few aci's in order to enforce their policy. Adding aci's when something is found not to work correctly due to insufficient access is a lot less painful than the ramifications of overly broad grants of access.
-- Pete
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
-- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
