Hi,

On my Debian 8 slapd installation I can query the LDAP server without typing in any password. That isn't OK!?

At the dn: olcDatabase={1}mdb.ldif I found the following entry:

olcAccess: {2}to * by * read

I guess that gives read access to everyone without authentication.

It was pure coincidence that I tested a login without credentials, because a login with credentials works as well.

Please change olcAccess: {2}to * by * read -> olcAccess: {2}to * by users read

After that, the login was denied:

ldap_bind: Server is unwilling to perform (53)
additional info: unauthenticated bind (DN with no password) disallowed

-------------
Here is an LDIF for everyone who likes to change it.

cat rights.ldif
dn: olcDatabase={1}mdb,cn=config
changetype: modify
delete: olcAccess
olcAccess: {2}to * by * read
-
add: olcAccess
olcAccess: {2}to * by users read

ldapmodify -Y EXTERNAL -H ldapi:/// -f rights.ldif

Regards
Carsten
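As an added illustration (not part of Carsten's mail or of the OpenLDAP project), here is a small Python model of how slapd decides access from `olcAccess` rules for an unauthenticated requester: within one rule the first `by` clause whose `<who>` matches the requester decides the access level, and if no clause matches the requester gets nothing. The three `olcAccess` lines are a constructed sample built around the `{2}to * by * read` rule quoted above; `parse_rules`, `access_for` and `audit` are names chosen for this example.

```python
"""Simplified model of slapd olcAccess evaluation (added example, not slapd code)."""
import re

# Access levels in slapd's order; a higher level implies the lower ones.
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]

# Constructed sample: a typical layout containing the rule quoted in the mail.
BEFORE = """\
olcAccess: {0}to attrs=userPassword by self write by anonymous auth by * none
olcAccess: {1}to attrs=shadowLastChange by self write by * read
olcAccess: {2}to * by * read
"""
# The same sample after the change proposed in the mail.
AFTER = BEFORE.replace("{2}to * by * read", "{2}to * by users read")

RULE_RE = re.compile(r"^olcAccess:\s*\{(\d+)\}to\s+(.*)$")


def parse_rules(ldif):
    """Return [(index, what, [(who, level), ...])] for every olcAccess line."""
    rules = []
    for line in ldif.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            continue
        index, body = int(m.group(1)), m.group(2)
        parts = body.split(" by ")
        what, clauses = parts[0].strip(), []
        for clause in parts[1:]:
            who, level = clause.split(None, 1)
            clauses.append((who, level.strip()))
        rules.append((index, what, clauses))
    return rules


def who_matches(who, requester):
    """Does a <who> specifier match the requester ('anonymous' or 'users')?"""
    if who == "*":
        return True  # '*' is everyone, including unauthenticated clients
    if who == "anonymous":
        return requester == "anonymous"
    if who == "users":
        return requester == "users"  # any authenticated bind
    return False  # self, dn=..., group=... need a concrete bind DN; not modelled


def access_for(clauses, requester):
    """First matching <by> clause wins; no match means no access (implicit 'by * none')."""
    for who, level in clauses:
        if who_matches(who, requester):
            return level.split()[0]  # drop control keywords such as 'stop' or 'break'
    return "none"


def audit(ldif, requester="anonymous", threshold="read"):
    """Return {what: level} for every rule granting at least `threshold` to requester."""
    findings = {}
    for _index, what, clauses in parse_rules(ldif):
        level = access_for(clauses, requester)
        if LEVELS.index(level) >= LEVELS.index(threshold):
            findings[what] = level
    return findings


if __name__ == "__main__":
    print("anonymous, before:", audit(BEFORE))
    print("anonymous, after: ", audit(AFTER))
    print("users, after:     ", audit(AFTER, "users"))
```

Running it shows the point of the mail: before the change the `to *` rule gives an anonymous client `read` on everything, after it the same rule gives `none` because `users` only matches authenticated binds and nothing else matches. The model is deliberately per rule: slapd additionally requires search access to the entry itself (the `entry` pseudo-attribute, covered here only by the `to *` rule) before any attribute of that entry is returned, so a per-attribute hit such as `shadowLastChange` remaining `by * read` in the sample means that rule is looser than it needs to be, not that the value is still served to anonymous searches. Checking every `olcAccess` line rather than only the last one is the habit worth keeping.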
