[Date Prev][Date Next] [Chronological] [Thread] [Top]

What attributes to authenticate (or) How to block the ldap tree for anonymous users

To: openldap-technical@openldap.org
Subject: What attributes to authenticate (or) How to block the ldap tree for anonymous users
From: Holger Schier <hschier@mathematik.uni-mainz.de>
Date: Wed, 29 Sep 2010 14:28:34 +0200
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; de; rv:1.9.2.7) Gecko/20100714 SUSE/3.1.1 Lightning/1.0b2 Thunderbird/3.1.1

Hey guys,

I am working with the LSEE 11 and trying to run a LDAP server. Fromscratch on everything went fine. With the standard configuration I canlogin, but if I use the LDAP Browser and hit anonymous access, I can seemy whole LDAP tree. User name, mailaddresses and so on. And I am nothappy with it.


So I tried to change the access control from
access to * by * read
to
access to * by * auth
or
access to * by * search

The user password is already in auth mode.

But with every other configuration instead of read, I cannot loginanymore. Insufficient access. After the first try with auth I read thelog files and saw that there is a search operation. So i switched tosearch. Now the server denies some read operations.

So, my questions are: Is it just normal that anyone can see the LDAPtree? Is there any other option to hide my tree? And what attributeshave to be readable to login?


Thanks a lot.
Holger

Follow-Ups:
- Re: What attributes to authenticate (or) How to block the ldap tree for anonymous users
  - From: Diego Lima <lists@diegolima.org>

Next by Date: Re: Samba 3.5.5 with ldap backend crash slapd 2.4.23 !!!
Index(es):
- Chronological
- Thread