Re: disable NULL BIND on your LDAP server
From: Joe Richards [MVP] (humorexpress_at_hotmail.com)
Date: 10/19/05
- Next message: Miha Pihler [MVP]: "Re: Batch files and MSC"
- Previous message: Sonny: "Re: Missing Group for local admin group"
- In reply to: Doug Fox: "disable NULL BIND on your LDAP server"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 19 Oct 2005 12:07:35 -0400
You can't disable anonymous/NULL bind. LDAP V3 requires it for the rootdse.
However, a null bind doesn't necessarily give you access to domain or config
data. In fact, if you are running Windows Server 2003 AD you have to
specifically enable anonymous access on the ACLs to retrieve data.
--
Joe Richards
Microsoft MVP
Windows Server Directory Services
www.joeware.net

Doug Fox wrote:
> Used NESSUS scanned a server. It issued a warning saying that "ldap
> (389/tcp) - improperly configured LDAP servers will allow any user to
> connect to the server and query for information. The solution is to
> "disable NULL BIND on your LDAP server."
>
> Did google many times, search results only show the
> "suggestion/recommendation", but none of them show the steps to disable it.
>
> Could someone please point me to a place where I can obtain the steps.
>
> Thanks,
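The distinction drawn in the reply above (the null bind succeeding versus anonymous reads of directory data) can be checked on the wire. This is an added example, not part of the original thread: it BER-encodes the LDAPv3 anonymous bind and a base-scope search, then classifies response streams. The response bytes and the `DC=example,DC=com` naming context are constructed samples.

```python
# Added example (not from the thread): LDAPv3 anonymous bind and search on the wire.
def tlv(tag, value=b""):
    assert len(value) < 128          # short-form length is enough for these messages
    return bytes([tag, len(value)]) + value

def anonymous_bind(msg_id=1):
    # BindRequest [APPLICATION 0]: version 3, empty DN, empty simple password
    op = tlv(0x60, tlv(0x02, b"\x03") + tlv(0x04) + tlv(0x80))
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + op)

def base_search(base, msg_id=2):
    # SearchRequest [APPLICATION 3]: scope=base, filter (objectClass=*), all attributes
    body = (tlv(0x04, base.encode()) + tlv(0x0A, b"\x00") + tlv(0x0A, b"\x00")
            + tlv(0x02, b"\x00") + tlv(0x02, b"\x00") + tlv(0x01, b"\x00")
            + tlv(0x87, b"objectClass") + tlv(0x30))
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + tlv(0x63, body))

def read_tlv(buf, pos):
    tag, n = buf[pos], buf[pos + 1]
    pos += 2
    if n & 0x80:                     # long-form length, which a server may use
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, buf[pos:pos + n], pos + n

def summarize(stream):
    """Return (entries returned, last resultCode) for a stream of LDAPMessages."""
    entries, code, pos = 0, None, 0
    while pos < len(stream):
        _, msg, pos = read_tlv(stream, pos)
        _, _, p = read_tlv(msg, 0)               # skip messageID
        op, body, _ = read_tlv(msg, p)
        if op == 0x64:                           # SearchResultEntry
            entries += 1
        elif op in (0x61, 0x65):                 # BindResponse / SearchResultDone
            code = read_tlv(body, 0)[1][0]       # resultCode ENUMERATED
    return entries, code

def assess(bind, naming_ctx):
    if summarize(bind)[1] != 0:
        return "anonymous bind refused"
    n, code = summarize(naming_ctx)
    if code == 0 and n > 0:
        return "FINDING: anonymous read of directory data"
    return "OK: null bind accepted, directory data not readable"

# Constructed responses (not captured from a real server)
def done(op, code, msg_id):
    result = tlv(0x0A, bytes([code])) + tlv(0x04) + tlv(0x04)
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + tlv(op, result))

def entry(dn, msg_id):
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + tlv(0x64, tlv(0x04, dn) + tlv(0x30)))

BIND_OK = done(0x61, 0, 1)
ROOTDSE = entry(b"", 2) + done(0x65, 0, 2)       # base "" always answers
DENIED = done(0x65, 1, 3)                        # resultCode 1 = operationsError
EXPOSED = entry(b"DC=example,DC=com", 3) + done(0x65, 0, 3)
```

A scanner warning that reports only the successful bind corresponds to `BIND_OK` here; whether the naming-context search looks like `DENIED` or `EXPOSED` is what determines exposure.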