
Security and bind_anonymous_dn



List,

OpenLDAP 2.2.6, BDB 4.2.52 on RedHat's RHEL3.

All the files lying around on my hard disk with my proxy admin password
made me unhappy. Examples are /etc/ldap.secret, Postfix 2.0.18 snapshot's
many /etc/postfix/maps/ldap/mumble.cf's,
/usr/lib/courier-imap/etc/authldaprc, /usr/lib/sasl2/smtpd.conf and I'm
sure there are more, only I can't remember where they are :(

Someone on "another list" pointed out slapd's 'allow anonymous_bind_dn'.
Sure enough, with 'allow anonymous_bind_dn' I can get rid of the proxy
admin password in every file but my OpenLDAP/Postfix SASL
/usr/lib/sasl2/smtpd.conf. Only one file to remember.

Can anyone point out any obvious security-based (or other) reason for
not allowing bind_anonymous_dn in slapd.conf? If not, why isn't it
standard?

Best,

--Tonni

-- 

mail: billy - at - billy.demon.nl
http://www.billy.demon.nl