How to disable anonymous access on LDAP

Solution 1

To completely disable anonymous bind, add this line to slapd.conf:

disallow bind_anon

and restart the slapd service.

Solution 2

If the accepted answer does not work for you (it didn't for me on Ubuntu), try the following.

Create an LDIF file:

nano /usr/share/slapd/ldap_disable_bind_anon.ldif

Paste in this:

dn: cn=config
changetype: modify
add: olcDisallows
olcDisallows: bind_anon

dn: cn=config
changetype: modify
add: olcRequires
olcRequires: authc

dn: olcDatabase={-1}frontend,cn=config
changetype: modify
add: olcRequires
olcRequires: authc

And then run:

ldapadd -Y EXTERNAL -H ldapi:/// -f /usr/share/slapd/ldap_disable_bind_anon.ldif
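As an added example (not code from either answer above), the following POSIX shell script writes the same cn=config LDIF to a file, applies it with ldapmodify over ldapi:///, and then does the check the question is really asking for: it connects from the outside as an anonymous client and reports whether the anonymous bind is still accepted. It assumes an OpenLDAP slapd that uses online configuration (cn=config), root access so that SASL EXTERNAL over ldapi:/// is authorised, and the base dc=example,dc=com from the question. The file path, the --apply/--check option names and the exit-code interpretation (ldapsearch exits with the LDAP result code, 48 being inappropriateAuthentication for a refused anonymous bind, 255 for a connection failure) are my assumptions, not something the answers state.

```shell
#!/bin/sh
# Added example: disable anonymous binds on a cn=config slapd and verify it.
# Assumed environment: OpenLDAP with cn=config, run as root (ldapi:/// +
# SASL EXTERNAL), suffix dc=example,dc=com. Paths and option names are mine.

BASE_DN="${BASE_DN:-dc=example,dc=com}"
LDAP_URI="${LDAP_URI:-ldap://127.0.0.1:389/}"
LDIF_FILE="${LDIF_FILE:-/tmp/ldap_disable_bind_anon.ldif}"

# The LDIF from the answer above, unchanged: three modify records, so a
# failure on one (e.g. the value already present) does not block the others.
write_ldif() {
    cat <<'EOF'
dn: cn=config
changetype: modify
add: olcDisallows
olcDisallows: bind_anon

dn: cn=config
changetype: modify
add: olcRequires
olcRequires: authc

dn: olcDatabase={-1}frontend,cn=config
changetype: modify
add: olcRequires
olcRequires: authc
EOF
}

# Apply over the local Unix socket; cn=config changes take effect immediately,
# no slapd restart needed. ldapmodify is used because every record is a
# changetype: modify (ldapadd is just ldapmodify -a and works too).
apply_ldif() {
    write_ldif > "$LDIF_FILE"
    ldapmodify -Y EXTERNAL -H ldapi:/// -f "$LDIF_FILE"
}

# Probe as an anonymous simple-bind client (no -D, no -w), exactly what an
# attacker on the internet would do. Returns 0 if anonymous access is refused,
# 1 if the anonymous bind is still accepted, 2 if the server was unreachable.
check_anon_bind() {
    uri="$1"
    base="$2"
    rc=0
    out=$(ldapsearch -x -H "$uri" -b "$base" -s base '(objectClass=*)' dn 2>/dev/null) || rc=$?
    case "$rc" in
        0)
            # Bind accepted. Even with zero readable entries (ACL-only
            # hardening, as in the question) the anonymous bind itself still works.
            n=$(printf '%s\n' "$out" | grep -c '^dn:' || true)
            echo "OPEN: anonymous bind accepted by $uri ($n entries readable); bind_anon is not disallowed"
            return 1 ;;
        48)
            echo "BLOCKED: anonymous bind refused (48, inappropriateAuthentication)"
            return 0 ;;
        255)
            echo "ERROR: could not contact $uri (host, port or firewall)"
            return 2 ;;
        *)
            echo "REFUSED: anonymous search rejected, ldapsearch exit code $rc"
            return 0 ;;
    esac
}

case "${1:-}" in
    --apply) apply_ldif ;;
    --check) check_anon_bind "$LDAP_URI" "$BASE_DN" ;;
esac
```

Run `sh disable_anon.sh --apply` as root on the server, then `sh disable_anon.sh --check` from another host (set LDAP_URI to the public address) so that the check goes through the same path an outside client would use. A result of OPEN after applying the LDIF means the change did not take (for example, the server still reads slapd.conf rather than cn=config).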
Author: Peter Sankauskas, Software Engineer at AdMobius

Updated on September 17, 2022

Comments

  • Peter Sankauskas (over 1 year)

    I need to secure my LDAP server and am not quite sure the best way to go about it. I am running Debian "Lenny", and using OpenLDAP (slapd).

    I notice that if I run:

    ldapsearch -x -W -b 'dc=example,dc=com' -H 'ldap://127.0.0.1:389/' 'objectclass=*'

    and just press ENTER when it prompts for a password, I get a list of directory entries. Anonymous access is not acceptable if I am opening this up to the internet, but I cannot find a way to disable anonymous access.

    I have tried modifying /etc/ldap/slapd.conf to the following:

    access to *
        by dn="cn=admin,dc=example,dc=com" write
        by * none
    

    ... but that doesn't do the trick.

    After this, I will get it running over TLS, but it is pointless doing that step while still allowing anonymous access.

    Any ideas?

  • RPB (about 5 years)
    Works on Ubuntu!!
  • Al Klimov (over 2 years)
    Are the 1st and 3rd ones actually required?
  • Admin (almost 2 years)
    For FreeBSD: This line "disallow bind_anon" should be added in the global section. Adding at the bottom did not work for me. freebsd.org/cgi/…