[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Mac OS X OpenLDAP allows anonymous access to all fields

To: openldap-technical@openldap.org
Subject: Re: Mac OS X OpenLDAP allows anonymous access to all fields
From: "RAT" <robert3t@netzero.net>
Date: Mon, 13 Dec 2010 17:58:21 GMT
Content-disposition: inline
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=netzero.net; s=alpha; t=1292263183; bh=47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=; l=0; h=From:Date:To:Subject:Message-Id:Content-Type; b=ABnNqmprIkkBXIG6s9m9jfvfeAcWSWNhvT+sncH55TSgcmfHsCrEgCv9xjjy0NYyy nn04aSCAxRNfy6ENZrRs5ppwnrFeXaPrr8qOD+cPek5pYVkVUE8YdXXqWvHpYh9BP/ ePzu1rSxEVGIdWxmWw8SVY6V9szma6HsmYnlGgTo=

I have SSHA1 working, but still not comfortable with this being visible via LDAP query.  http://www.openldap.org/doc/admin24/security.html  What are others doing to harden the default install?

Robert Threet
http://yesistilluseperl.blogspot.com/

---------- Original Message ----------
From: "RAT" <robert3t@netzero.net>
To: openldap-technical@openldap.org
Subject: Mac OS X OpenLDAP allows anonymous access to all fields
Date: Mon, 13 Dec 2010 16:22:44 GMT

I am experimenting with authenticating users off of OpenLDAP.  The default deployment from Apple seems to be (at least in my case) completely wide open.  I have been trying to find a ACI to block access to the password value.  Does anyone have any good resources on this or, better yet, an ACI I can apply? 

Robert Threet
http://yesistilluseperl.blogspot.com/

____________________________________________________________
How to Fall Asleep?
Cambridge Researchers have developed an all natural sleep aid just for you.
http://thirdpartyoffers.netzero.net/TGL3231/4d065f00159b66954dest06duc

Prev by Date: Mac OS X OpenLDAP allows anonymous access to all fields
Next by Date: backend issue
Index(es):
- Chronological
- Thread