Hi,
I think I made some critical investigations.
1st:
In ApacheDS 1.5.5 anonymous access is enabled by default. In server.xml
we have two flags:
<defaultDirectoryService id="directoryService" instanceId="default"
allowAnonymousAccess="true"
...>
<ldapServer id="ldapServer"
allowAnonymousAccess="false"
...>
Although the flag in <ldapServer> is set to "false" anonymous access
works. In fact, changing this flag has no effect.
However changing the flag in <defaultDirectoryService> disables
anonymous access.
2nd:
When binding as anonymous one could make modifications to the server
(add, modify, delete)! Is this intended?
Kind Regards,
Stefan
