Re: Howto fix LDAP Nullbind vulnerability (part II)
At 07:25 PM 12/26/2002, Rafael Angarita wrote:
> In short the questions are:
> 1. What is a NullBind?
As I noted above, I believe they use this term to refer to an
anonymous bind.
> 2. What should I add to my slapd.conf file to fix it.
In 1.2, there is no way to disable the bind itself. Instead
one restricts access to directory information using ACLs.
> 3. How can I test this running an ldapsearch?
Don't specify -D nor -W/-w and attempt to read the directory.
Your ACLs should protect what you don't want accessed.
> Thanks for your help,
>
> PS: I'm using openldap 1.2.13
You might consider using a more recent version...
>> For 1.2, I suggest you check out the U-Mich LDAP Guide
>> <http://www.umich.edu/~dirsvcs/ldap/doc/guides/slapd/>,
>> browse really old archives of this list, and ACL
>> example in the test directory. Or toy with examples for
>> 2.0/2.1 which can be found in later documentation and
>> the FAQ (many should work just fine in 1.2).
>>
>> Kurt