Infusion Technology Solutions Blog
Technology related solutions, tips, tricks, and other interesting topics
Disable Anonymous Access to OpenLDAP
In: General IT Info
7 Feb 2009After you setup an OpenLDAP server, one of the first things you’ll want to do is disable anonymous access to it. This will prevent unauthenticated users from connecting to your OpenLDAP server and extracting information about your users and network resources from it. To disable anonymous access to your OpenLDAP server, you need to edit the slapd.conf file which on CentOS 5 is located at /etc/openldap/slapd.conf. Open the slapd.conf file for editing and do the following:
Look for a line similar to this:
allow bind_v2 bind_anon_cred bind_anon_dn
Remove from that any of the items relating to anonymous access which will have “anon” in their names. So after editing the above line it will look like this:
allow bind_v2
Now add the following two lines to the slapd.conf file to explicitly deny anonymous binds and anonymous access to the directory information:
disallow bind_anon
require authc
Now save the slapd.conf file and restart the LDAP service to put the changes into effect. On CentOS 5 you can restart the OpenLDAP service by running the following command in the terminal:
service ldap restart
- Tags: centos 5, ldap, ldap service, network resources, openldap, openldap server
Comment Form
About this blog
This blog is about technology related topics. It will primarily contain problems and solutions to IT problems that I encounter on a day-to-day basis. In addition interesting things I come across either on or off the internet will be posted here as well. I will also include step-by-step tutorials to common tasks people may need to do with their computers.
Web Hosting Discount
-
Get the first month for only $0.01 using coupon code HGCOUPONBLOG. No contracts, cancel anytime.
Categories
- Apple (31)
- Electronics (10)
- Games (1)
- General IT Info (47)
- Information Security (12)
- Microsoft (11)
- Ramblings (3)
- The Net (5)
- Tutorials (3)
- Web Development (12)
- Alshe Dupur: Thanks for the great tips. I need this badly... :) [...]
- hosni: thank you , thank you , thank you [...]
- Rico: Any suggestions for when the slotid mkpassdb fix does not do the trick? [...]
- Neil: I think it is worth noting "udo sso_util configure -r YOUR.REALM.COM -a diradmin -p " The YOURREA [...]
- pearlbluesoul: I was looking for that article for a friend, but in reading it seems that the update for 10.6.7 serv [...]
- How To Allow MacOS X 10.4, 10.5, and 10.6 Client Computers To Update Against a MacOS X 10.6 Sofware Update Server Using a Single Common URL
- How to Reset the Password for an OS X Open Directory Mobile Account
- Terminal Command for Xserve Intel Hardware RAID Card
- How to Fix a Corrupted OS X Open Directory Account Password
- How to Configure Splunk to use a Web Proxy Server
- How to Get Trixbox Working Behind a NAT Firewall
- How to Backup and Restore a MySQL Database Using mysqldump
- How to Reset the Admin Password in ColdFusion MX 6
- How to Enable ReadyBoost for an ExpressCard SSD in Vista
- Sendmail Hangs When Starting Up or When Using It with PHP
Revolutionary One Time Password Device
