[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Howto fix LDAP Nullbind vulnerability
At 09:08 PM 12/16/2002, Rafael Angarita wrote:
>----- Original Message -----
>From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
>> At 01:28 PM 12/16/2002, Rafael Angarita wrote:
>> > A host summary vulnerability report indicated an issue with my LDAP
>server, it was a "LDAP NullBind" vulnerability.
>> > How can I fix it?
>>
>> http://www.iss.net/security_center/static/1424.php
>> See the remedy section. Google is your friend.
>
> Sure, but how do I do it?
> How to "Disable the NULL bind entry or control the entry with Access
>Control Lists (ACLs)." in openldap 1.3.12, that's the matter... I don't know
>how to do it...
For 1.2, I suggest you check out the U-Mich LDAP Guide
<http://www.umich.edu/~dirsvcs/ldap/doc/guides/slapd/>,
browse really old archives of this list, and ACL
example in the test directory. Or toy with examples for
2.0/2.1 which can be found in later documentation and
the FAQ (many should work just fine in 1.2).
Kurt