Hi Michael Based on the the ACL's I posted from my configuration, what else can you recommend to include, tweak or modify?
Thank you very much! Regards 2014-10-27 15:40 GMT-03:00 Michael Ströder <[email protected]>: > Net Warrior wrote: > > Thanks for the answer, but, from the query I shown, you can see that the > > DIT is displayed "namingContexts: dc=domain,dc=com" and knowking that, I > > can make a ldapserch -x pointing tho the server and the base search for > > example and list all the domain users, isn't it a security concern? I > > tested it and it works, how can I create an access list to prevent this, > > disable the simple auth or disable those anonymous queries ? > > Knowing namingContexts or not is not a matter of security. > > Having decent ALCs in place to protect the entries beneath > dc=domain,dc=com is. > > Just locking down rootDSE does not help at all. > > Ciao, Michael. > >
