Re: Authenticate before querying ldap.


 



Chun Tat David Chu wrote:

    Please correct me if I'm wrong. I thought the easiest way to disable
    anonymous access is to remove the default anonymous access ACI or modify
    the ACI from "ldap:///anyone" to "ldap:///all" so that only authenticated
    users can access the directory.

Yes, that will disallow anonymous from being able to search. But there is no way to completely disallow anonymous bind in the manner that AD does.

    - David

On Jan 24, 2008 10:03 AM, Ivan Ferreira <iferreir@xxxxxxxxxxxxxxx> wrote:

    One way will be by modifying the ACIs to not allow anonymous read
    access to attributes.

    Not sure if there is an "easy way" to disable anonymous access to the
    directory in the Console.







    "mallapadi niranjan" <niranjan.ashok@xxxxxxxx>
    Sent by: fedora-directory-users-bounces@xxxxxxxxxx
    24/01/2008 11:57 a.m.
    Please respond to: "General discussion list for the Fedora Directory
        server project." <fedora-directory-users@redhat.com>
    To: "General discussion list for the Fedora Directory server project."
        <fedora-directory-users@xxxxxxxx>
    cc:
    Subject: Re: [Fedora-directory-users] Authenticate before querying ldap.
    Classification: Internal Use








    On Jan 24, 2008 4:37 PM, <shivaraj.shivanna@xxxxxxxxx> wrote:
         Hi,
         Our organization has an AD server running which requires you to
         bind to it first before querying the server.

         For example commands like
             ldapsearch -x -h "some ip" "(cn=abcd)" -b "some base"
         would fail with
             LdapErr: DSID-0C090627, comment: In order to perform this
             operation a successful bind must be completed on the connection.
         but commands like
             ldapsearch -x -h "some ip" "(cn=abcd)" -b "some base" -D "some user dn" -W
         would work on entering correct password.

         How can we replicate this behavior with the fedora directory
         server?

    Through access control lists, you can disable anonymous access and
    specify authorization.

    You can refer to the below:
    http://www.redhat.com/docs/manuals/dir-server/ag/8.0/Managing_Access_Control-Default_ACIs.html

    http://www.redhat.com/docs/manuals/dir-server/ag/8.0/Managing_Access_Control-Access_Control_Usage_Examples.html




         Regards,
         Shivraj

         --
         Fedora-directory-users mailing list
         Fedora-directory-users@xxxxxxxxxx
         https://www.redhat.com/mailman/listinfo/fedora-directory-users



------------------------------------------------------------------------
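
The ACI change discussed in this thread, as an added example that is not part of the original messages: a small Python audit that finds ACIs whose allow clause names "ldap:///anyone", rewrites that clause to "ldap:///all", and emits the matching ldapmodify input. The suffix DN and the three ACI values are constructed samples; as the reply above notes, this stops anonymous searches but does not stop the anonymous bind itself.

```python
import re

# Constructed sample: aci values as read from a suffix entry (hypothetical DN).
SAMPLE_DN = "dc=example,dc=com"
SAMPLE_ACIS = [
    '(targetattr != "userPassword")(version 3.0; acl "Anonymous access"; '
    'allow (read, search, compare) userdn = "ldap:///anyone";)',
    '(targetattr = "*")(version 3.0; acl "Admins"; allow (all) '
    'groupdn = "ldap:///cn=Directory Administrators,dc=example,dc=com";)',
    '(targetattr = "userPassword")(version 3.0; acl "Hide passwords"; '
    'deny (all) userdn = "ldap:///anyone";)',
]

# One permission clause: allow|deny (rights) bind-rule ;
PERM = re.compile(r'\b(allow|deny)\s*\(([^)]*)\)\s*([^;]*);', re.I)
ANYONE = re.compile(r'ldap:///anyone', re.I)


def anonymous_grants(aci):
    """Rights that an ACI allows to ldap:///anyone (empty list if none)."""
    rights = []
    for kind, perms, bind_rule in PERM.findall(aci):
        if kind.lower() == "allow" and ANYONE.search(bind_rule):
            rights += [p.strip() for p in perms.split(",")]
    return rights


def require_bind(aci):
    """Point allow clauses at ldap:///all; deny clauses are left untouched."""
    def fix(m):
        if m.group(1).lower() != "allow":
            return m.group(0)  # a deny for "anyone" must keep covering everyone
        return ANYONE.sub("ldap:///all", m.group(0))
    return PERM.sub(fix, aci)


def to_ldif(dn, acis):
    """ldapmodify input that swaps each anonymous-allow ACI for its fix."""
    out = []
    for aci in acis:
        if anonymous_grants(aci):
            out += [f"dn: {dn}", "changetype: modify", "delete: aci",
                    f"aci: {aci}", "-", "add: aci",
                    f"aci: {require_bind(aci)}", ""]
    return "\n".join(out)


if __name__ == "__main__":
    print(to_ldif(SAMPLE_DN, SAMPLE_ACIS))
```

After applying such a change, the unauthenticated ldapsearch from the original question should return no entries, while the same search with -D and -W still works.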
