Enhancement #2793

LDAP anonymous access to user account entries

Added by Davide Principi about 7 years ago. Updated about 6 years ago.

Status: CLOSED
Start date:
Priority: Normal
Due date:
Assignee: -
% Done: 100%
Category: nethserver-directory
Target version: ~FUTURE
Resolution: REJECTED
NEEDINFO: No

Description

Some LDAP clients and/or legacy environments require anonymous bind to the LDAP accounts database.

Currently only authenticated binds over TLS/SSL are granted access to the LDAP tree.

Enable (restricted) access to anonymous binds too.

History

#1 Updated by Davide Principi about 7 years ago

WARNING
This is not easily reversible!

This command opens the LDAP to the world (except password fields):

 # perl -MNethServer::Directory -e '
$l = NethServer::Directory->new(); 
$l->enforceAccessDirective("by anonymous read", "*");
'

#2 Updated by Giacomo Sanchietti about 7 years ago

  • Status changed from NEW to TRIAGED
  • % Done changed from 0 to 20
Tested with Mozilla Thunderbird with the following configuration:
  • Host: ip address of the server
  • Port: 389
  • Base DN: ou=People,dc=example,dc=org
  • On Advanced tab, make sure "Login method" is set to "Simple"
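
One way to check the "except password fields" condition from comment #1 once anonymous access is enabled: save the LDIF that an anonymous search returns and scan it for credential attributes. This is an added example, not part of the original issue or of NethServer's code; the attribute list, the function names and the sample LDIF are assumptions constructed for illustration.

```python
import base64

# Assumed list of credential attributes; adjust to the schema in use.
SENSITIVE = {"userpassword", "sambantpassword", "sambalmpassword"}

# Constructed sample of what an anonymous search could return, e.g. saved from:
#   ldapsearch -x -LLL -H ldap://<server> -b ou=People,dc=example,dc=org
SAMPLE = """\
dn: uid=alice,ou=People,dc=example,dc=org
uid: alice

dn: uid=bob,ou=People,dc=example,
 dc=org
uid: bob
cn:: Qm9iIEV4YW1wbGU=
userPassword:: e1NTSEF9Y29uc3RydWN0ZWQ=
"""

def parse_ldif(text):
    """Return [(dn, {attr_lowercase: [values]})] from LDIF text."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:   # folded line: continue previous
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, dn, attrs = [], None, {}
    for line in lines + [""]:               # trailing "" flushes last entry
        if line.startswith("#"):
            continue
        if not line.strip():                # blank line ends an entry
            if dn is not None:
                entries.append((dn, attrs))
            dn, attrs = None, {}
            continue
        name, _, rest = line.partition(":")
        if rest.startswith(":"):            # "attr:: <base64 value>"
            value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
        else:
            value = rest.strip()
        if name.lower() == "dn":
            dn = value
        else:                               # drop options such as ";binary"
            attrs.setdefault(name.split(";")[0].lower(), []).append(value)
    return entries

def audit(text):
    """Return sorted (dn, attribute) pairs for credential attributes exposed."""
    return sorted((dn, a) for dn, at in parse_ldif(text) for a in at if a in SENSITIVE)
```

An empty list from `audit()` on the captured LDIF means none of the listed attributes were readable anonymously; any pair returned names the entry and attribute that leaked.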

#3 Updated by Giacomo Sanchietti about 6 years ago

  • Status changed from TRIAGED to CLOSED
  • % Done changed from 20 to 100
  • Resolution set to REJECTED
