Disable Anonymous Access to OpenLDAP

After you set up an OpenLDAP server, one of the first things you’ll want to do is disable anonymous access to it. This prevents unauthenticated users from connecting to your OpenLDAP server and extracting information about your users and network resources. To disable anonymous access, edit the slapd.conf file, which on CentOS 5 is located at /etc/openldap/slapd.conf. Open the slapd.conf file for editing and do the following:

Look for a line similar to this:

allow bind_v2 bind_anon_cred bind_anon_dn

Remove from that line any items relating to anonymous access; these have “anon” in their names. After editing, the above line will look like this:

allow bind_v2

Now add the following two lines to the slapd.conf file to explicitly deny anonymous binds and anonymous access to the directory information:

disallow bind_anon
require authc

Now save the slapd.conf file and restart the LDAP service to put the changes into effect. On CentOS 5 you can restart the OpenLDAP service by running the following command in the terminal:

service ldap restart
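
To confirm the three edits before restarting, the file can be audited with a short script. This is an added example, not part of the original post: audit_slapd_conf is a hypothetical helper name, and it assumes a directive anywhere in the file applies globally (per-database scoping is not evaluated).

```shell
#!/bin/sh
# Added example: audit a slapd.conf for the three edits described above.
# audit_slapd_conf is a hypothetical helper name, not an OpenLDAP tool.
# Simplification: a directive anywhere in the file counts as global;
# per-database scoping of "require" is not evaluated.
audit_slapd_conf() {
    conf=$1
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    awk '
        # Inspect one complete directive (continuation lines already joined).
        function check(line,    n, f, i, kw, v) {
            n = split(line, f, /[ \t]+/)
            if (n < 2) return
            kw = tolower(f[1])
            for (i = 2; i <= n; i++) {
                v = tolower(f[i])
                if (kw == "allow" && v ~ /anon/) { print "FAIL: allow " f[i]; bad = 1 }
                if (kw == "disallow" && v == "bind_anon") deny = 1
                if (kw == "require" && v == "authc") authc = 1
            }
        }
        BEGIN { bad = 0 }
        /^#/ { next }                                  # comment line
        /^[ \t]+[^ \t]/ { cur = cur " " $0; next }     # continuation line
        { check(cur); cur = $0 }                       # new directive starts
        END {
            check(cur)
            if (!deny)  { print "FAIL: missing disallow bind_anon"; bad = 1 }
            if (!authc) { print "FAIL: missing require authc"; bad = 1 }
            if (!bad) print "OK: anonymous binds and access are denied"
            exit bad
        }
    ' "$conf"
}

# Constructed sample input: the stock line from the article, before editing.
demo=$(mktemp)
printf '%s\n' 'allow bind_v2 bind_anon_cred bind_anon_dn' > "$demo"
audit_slapd_conf "$demo" || echo "audit exit status: $?"
rm -f "$demo"
```

Run the function against /etc/openldap/slapd.conf before restarting the service; exit status 0 means all three checks passed.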