
Howto fix LDAP Nullbind vulnerability (part II)



    I checked the documentation and added these lines to my slapd.conf file,
but the scanner still reports the "LDAP NullBind" vulnerability...

defaultaccess none
access to dn="cn=root,c=VE"
by dn="" none

    Now, I'm not sure: what exactly is a NullBind?
    How can I manually test whether this is still present? I tried a search
without the -D argument, and it returns empty when no -D argument is supplied
and returns entries when it is present in the command line, but I don't know
what a NullBind is...

    In short, the questions are:
    1. What is a NullBind?
    2. What should I add to my slapd.conf file to fix it?
    3. How can I test this by running an ldapsearch?

    Thanks for your help,

    PS: I'm using OpenLDAP 1.2.13




> For 1.2, I suggest you check out the U-Mich LDAP Guide
> <http://www.umich.edu/~dirsvcs/ldap/doc/guides/slapd/>,
> browse really old archives of this list, and ACL
> example in the test directory.  Or toy with examples for
> 2.0/2.1 which can be found in later documentation and
> the FAQ (many should work just fine in 1.2).
>
> Kurt