[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: BIND with empty password

To: marc.bigler@day.com
Subject: Re: BIND with empty password
From: Tony Earnshaw <tonni@billy.demon.nl>
Date: 21 Nov 2002 21:48:59 +0100
Cc: openldap-software@OpenLDAP.org
In-reply-to: <OF2A3F5EE8.3EC52FF4-ONC1256C78.0060C644@day.com>
Organization:
References: <OF2A3F5EE8.3EC52FF4-ONC1256C78.0060C644@day.com>

tor, 2002-11-21 kl. 18:40 skrev marc.bigler@day.com:

> I've remarked that when I BIND to an ldap server and enter an empty
> password it binds successfully, is that normal ?

Yep.

>  I would like to only let
> users which are defined in ou=LDAPuser,dc=mydomain,dc=com to use LDAP, how
> can I acheive that with the access statement ? I do not want to allow any
> anonymous binds...

access to dn="dc=mydomain,dc=com"
	by * none

access to dn.children="dc=mydomain,dc=com"
	by anonymous auth
	by dn="ou=LDAPuser,dc=mydomain,dc=com" write (or read or
							 whatever)
	by * none

access to *
	by * none

Or whatever you want.

Best,

Tony

-- 

Tony Earnshaw

When all's said and done ...
there's nothing left to say or do.

e-post:		tonni@billy.demon.nl
www:		http://www.billy.demon.nl

Follow-Ups:
- Re: BIND with empty password
  - From: Adam Williams <awilliam@whitemice.org>

References:
- BIND with empty password
  - From: marc.bigler@day.com

Prev by Date: Re: No such object (32) ..., again
Next by Date: Re: account balances
Index(es):
- Chronological
- Thread