Radek Hladik wrote:
Note that this is LDAP standard behavior - BIND with empty password does an anonymous bind, even if a BIND DN was given.

> nattapon viroonsri wrote:
>> Hi,
>> Looks like the default fedora-ds policy is to accept bind with blank password?
>> I have tested with
>> ldapsearch -x -D "uid=someone,ou=people,dc=example,dc=com" -w ""
>> and get the same result as when using the correct password.
>> If I use a wrong password I will get
>> ldap_bind: Invalid credentials (49)
>> How can I disable bind with blank password?
>> Thanks
>> Nattapon
>> --
>> Fedora-directory-users mailing list
>> Fedora-directory-users@xxxxxxxxxx
>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
> I'm not an FDS expert, but as I have noticed, FDS will log you in anonymously if you enter no password... Try to do some changes in FDS without password (i.e. change office number of user you have specified to bind).
Access control uses the special BIND subject ldap:///anyone to mean anonymous users. If you don't want this, you need to disable access for anonymous users.
> The feature to disable anonymous binding at all is planned for future versions. In the current version, all you need/can do is disable the ACI for anonymous access. But be sure that no other utility uses anonymous access to LDAP, as e.g. pam and nss do by default.

Yes, we will be adding some features to disallow anonymous binds to an upcoming version.
> Radek
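The thread's mitigation is to remove the ACIs that grant access to `ldap:///anyone`. As an added example (not part of the original thread and not Fedora DS code), the Python below lists every such ACI clause in an LDIF export so they can be reviewed before removal; the sample LDIF, DNs and ACL names are constructed, and the parsing assumes the usual `(target)(version 3.0; acl "name"; allow|deny (rights) bind-rule;)` form.

```python
import base64
import re

# Constructed ACI, base64-encoded the way LDIF writes "aci::" values.
_B64 = base64.b64encode(
    b'(targetattr = "cn")(version 3.0; acl "Public cn"; allow (read) '
    b'userdn = "ldap:///self || ldap:///anyone";)').decode()
# Constructed sample export; DNs and ACL names are illustrative, not from the thread.
SAMPLE_LDIF = f'''dn: dc=example,dc=com
aci: (targetattr != "userPassword")(version 3.0; acl "Anonymous access"; allow
  (read, search, compare) userdn = "ldap:///anyone";)
aci: (targetattr = "*")(version 3.0; acl "Admins"; allow (all) groupdn = "ldap
 :///cn=admins,dc=example,dc=com";)

dn: ou=people,dc=example,dc=com
aci: (targetattr = "telephoneNumber")(version 3.0; acl "Self write"; allow (wr
 ite) userdn = "ldap:///self";)
aci:: {_B64}
'''

ACL_NAME = re.compile(r'acl\s+"([^"]*)"', re.I)
# One permission clause: allow|deny (rights) bind-rule;  (a quoted string may hold ';')
PERMISSION = re.compile(r'\b(allow|deny)\s*\(([^)]*)\)\s*((?:"[^"]*"|[^;"])*);', re.I)
ANYONE = re.compile(r'userdn\s*=\s*"[^"]*ldap:///anyone[^"]*"', re.I)

def anonymous_acis(ldif):
    """Return (entry dn, acl name, allow/deny, rights) for each clause bound to ldap:///anyone."""
    findings = []
    text = re.sub(r"\r?\n ", "", ldif)           # undo LDIF line folding
    for entry in re.split(r"\n\s*\n", text.strip()):
        dn = None
        for line in entry.splitlines():
            attr, _, value = line.partition(":")
            if value.startswith(":"):             # "attr:: base64-value"
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            value = value.strip()
            if attr.lower() == "dn":
                dn = value
            elif attr.lower() == "aci":
                name = ACL_NAME.search(value)
                for kind, rights, rule in PERMISSION.findall(value):
                    if ANYONE.search(rule):
                        rights = tuple(r.strip() for r in rights.split(","))
                        findings.append((dn, name.group(1) if name else "?", kind.lower(), rights))
    return findings

if __name__ == "__main__":
    for dn, name, kind, rights in anonymous_acis(SAMPLE_LDIF):
        print(f'{dn}: acl "{name}" {kind} ({", ".join(rights)}) for ldap:///anyone')
```

Before removing a flagged ACI, check whether clients such as pam and nss still rely on anonymous access, as the thread warns.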