How to disable anonymous access on LDAP

Solution 1:

To completely disable anonymous bind, add this line to slapd.conf:

disallow bind_anon

and restart the slapd service.

Solution 2:

If the accepted answer does not work for you (it didn't for me on Ubuntu), try the following.

Create an LDIF file:

nano /usr/share/slapd/ldap_disable_bind_anon.ldif

Paste in this:

dn: cn=config
changetype: modify
add: olcDisallows
olcDisallows: bind_anon

dn: cn=config
changetype: modify
add: olcRequires
olcRequires: authc

dn: olcDatabase={-1}frontend,cn=config
changetype: modify
add: olcRequires
olcRequires: authc

And then run:

ldapadd -Y EXTERNAL -H ldapi:/// -f /usr/share/slapd/ldap_disable_bind_anon.ldif
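
To confirm the change from Solution 2 actually landed, the following added example (not part of either answer) audits a cn=config LDIF export for the three settings in that LDIF file. The function names audit_anon_bind and sample_ldif are hypothetical, the sample LDIF is constructed, and base64-encoded (attr::) values are not decoded.

```shell
#!/bin/sh
# Added example: audit a cn=config export for the three settings in Solution 2.
# Live use (assumption: root on the server, ldapi:/// enabled):
#   ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=config -LLL | audit_anon_bind
audit_anon_bind() {
    awk '
    function handle(line,   i, n, attr, val, tok) {
        i = index(line, ":")
        if (i == 0) return                       # blank line or no attribute
        attr = tolower(substr(line, 1, i - 1))
        val = substr(line, i + 1); sub(/^[ \t]+/, "", val)
        if (attr == "dn") { dn = tolower(val); gsub(/,[ \t]+/, ",", dn); return }
        n = split(tolower(val), tok, /[ \t]+/)   # record each value per entry
        for (i = 1; i <= n; i++) seen[dn "|" attr "|" tok[i]] = 1
    }
    function check(d, a, v,   key) {
        key = d "|" a "|" v
        if (key in seen) { print "OK      " d ": " a "=" v; return 0 }
        print "MISSING " d ": " a "=" v; return 1
    }
    { sub(/\r$/, "") }
    /^ / { cur = cur substr($0, 2); next }       # LDIF folding: unfold continuation
    { handle(cur); cur = $0 }
    END {
        handle(cur)
        bad += check("cn=config", "olcdisallows", "bind_anon")
        bad += check("cn=config", "olcrequires", "authc")
        bad += check("olcdatabase={-1}frontend,cn=config", "olcrequires", "authc")
        exit (bad > 0)
    }'
}

# Constructed sample: frontend entry hardened (DN folded), global olcRequires missing.
sample_ldif() {
cat <<'EOF'
dn: cn=config
objectClass: olcGlobal
olcDisallows: bind_anon

dn: olcDatabase={-1}frontend,
 cn=config
objectClass: olcFrontendConfig
olcRequires: authc
EOF
}

sample_ldif | audit_anon_bind || echo "anonymous access is not fully disabled"
```

The function exits 0 only when all three settings are present, so it can gate a configuration-management run or a monitoring check.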