Please correct me if I'm wrong. I thought the easiest way to disable anonymous access is to remove the default anonymous access ACI or modify the ACI from "ldap:///anyone"; to "ldap:///all"; so that only authenticated user can access to the directory.
- David On Jan 24, 2008 10:03 AM, Ivan Ferreira <[EMAIL PROTECTED]> wrote: > One way will be by modifying the ACIs to do not allow anonymous read > access > to attributes. > > Not sure if there is an "easy way" to disable anonymous access to the > directory in the Console. > > > > > > > > Para > "General discussion list for the > Fedora Directory server > "mallapadi niranjan" project." > <[EMAIL PROTECTED] <[EMAIL PROTECTED] > m> om> > Enviado por: cc > fedora-directory-users-b > [EMAIL PROTECTED] Asunto > Re: [Fedora-directory-users] > 24/01/2008 11:57 a.m. Authenticate before querying > ldap. > Clasificación > Uso Interno > Por favor, responda a > "General discussion list > for the Fedora Directory > server project." > <fedora-directory-users@ > redhat.com> > > > > > > > > > On Jan 24, 2008 4:37 PM, <[EMAIL PROTECTED]> wrote: > Hi, > Our organization has an AD server running which requires you to bind > to it first before querying the server. > > For example commands like > ldapsearch -x -h "some ip" "(cn=abcd)" -b "some base" would fail > with LdapErr: DSID-0C090627, comment: In order to perform this > operation a successful bind must be completed on the connection. > but commands like > ldapsearch -x -h "some ip" "(cn=abcd)" -b "some base" -D "some > user dn" -W would work on entering correct password. > > How can we replicate this behavior with the fedora directory server ? > > through access control lists, you can disable anonymous access and > specify > authorization > > You can refer the below > > http://www.redhat.com/docs/manuals/dir-server/ag/8.0/Managing_Access_Control-Default_ACIs.html > > > http://www.redhat.com/docs/manuals/dir-server/ag/8.0/Managing_Access_Control-Access_Control_Usage_Examples.html > > > > > Regards, > Shivraj > > -- > Fedora-directory-users mailing list > [email protected] > https://www.redhat.com/mailman/listinfo/fedora-directory-users > > -- > Fedora-directory-users mailing list > [email protected] > https://www.redhat.com/mailman/listinfo/fedora-directory-users > > > > ======================================================================================== > AVISO LEGAL: Esta información es privada y confidencial y está dirigida > únicamente a su destinatario. Si usted no es el destinatario original de > este mensaje y por este medio pudo acceder a dicha información por favor > elimine el mensaje. La distribución o copia de este mensaje está > estrictamente prohibida. Esta comunicación es sólo para propósitos de > información y no debe ser considerada como propuesta, aceptación ni como > una declaración de voluntad oficial de NUCLEO S.A. La transmisión de > e-mails no garantiza que el correo electrónico sea seguro o libre de > error. > Por consiguiente, no manifestamos que esta información sea completa o > precisa. Toda información está sujeta a alterarse sin previo aviso. > > This information is private and confidential and intended for the > recipient only. If you are not the intended recipient of this message you > are hereby notified that any review, dissemination, distribution or > copying of this message is strictly prohibited. This communication is for > information purposes only and shall not be regarded neither as a proposal, > acceptance nor as a statement of will or official statement from NUCLEO > S.A. . Email transmission cannot be guaranteed to be secure or error-free. > Therefore, we do not represent that this information is complete or > accurate and it should not be relied upon as such. All information is > subject to change without notice. > > -- > Fedora-directory-users mailing list > [email protected] > https://www.redhat.com/mailman/listinfo/fedora-directory-users >
-- Fedora-directory-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/fedora-directory-users
