[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Howto fix LDAP Nullbind vulnerability



At 09:08 PM 12/16/2002, Rafael Angarita wrote:

>----- Original Message -----
>From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
>> At 01:28 PM 12/16/2002, Rafael Angarita wrote:
>> >   A host summary vulnerability report  indicated an issue with my LDAP
>server, it was a "LDAP NullBind" vulnerability.
>> >    How can I fix it?
>>
>> http://www.iss.net/security_center/static/1424.php
>> See the remedy section.  Google is your friend.
>
>    Sure, but how do I do it?
>    How to "Disable the NULL bind entry or control the entry with Access
>Control Lists (ACLs)." in openldap 1.3.12, that's the matter... I don't know
>how to do it...

For 1.2, I suggest you check out the U-Mich LDAP Guide 
<http://www.umich.edu/~dirsvcs/ldap/doc/guides/slapd/>,
browse really old archives of this list, and ACL
example in the test directory.  Or toy with examples for
2.0/2.1 which can be found in later documentation and
the FAQ (many should work just fine in 1.2).

Kurt