How to disable anonymous access on LDAP

security debian ldap openldap

Solution 1:

To completely disable anonymous bind, add this line to slapd.conf:

disallow bind_anon

and restart the slapd service.

Solution 2:

If the accepted answer does not work for you (it didn't for me on Ubuntu), try the following.

Create ldiff file:

nano /usr/share/slapd/ldap_disable_bind_anon.ldif

Paste in this:

dn: cn=config
changetype: modify
add: olcDisallows
olcDisallows: bind_anon

dn: cn=config
changetype: modify
add: olcRequires
olcRequires: authc

dn: olcDatabase={-1}frontend,cn=config
changetype: modify
add: olcRequires
olcRequires: authc

And then run:

ldapadd -Y EXTERNAL -H ldapi:/// -f /usr/share/slapd/ldap_disable_bind_anon.ldif

Related

RAID 0 recovery
Why have multiple partitions on a windows server?
Things to consider when buying PDUs
Being a more attractive job candidate - Certs XOR Degree
Why should swap size be same or larger than RAM?
Apache 2.2 rewrite - Force all requests to index.html
"offending key" warning when connecting by ssh to my VPS
better way to loop through a list of servers
When to use routable vs non-routable IP addresses [closed]
How would I grab a text file off of a windows machine from a linux cli?
Do I even need a swap partition with Linux?
How to determine how many shells deep I might be?