Gavin Henry wrote:
> And this is where it got interesting:
> 1. Access via ldap on the user DIT and on cn=monitor were both
> inhibited and connections (rightly) refused whereas in both cases
> access via ldaps was accepted.
> 2. I could bind anonymously to rootDSE and cn=subschema which I wanted
> 3. cn=config would accept either an ldap (389) or an ldaps (636)
> connection. Apparently bypassing the security simple_bind=128 check.
How did you bind?
Binds to cn=monitor (rootdn), user DIT (normal user) and cn=config
(rootdn) were simple authenticated binds. Binds to rootDSE and
cn=subschema were anonymous.
> a. Is this expected?
> b. is there a better way to do it?
> c. Am I (more than likely) missing something? (on searching the
> archives I saw a note from Quanah suggesting that he was using some
> sort of SASL service to inhibit access).
> Many thanks in advance for any help on this matter.
> Regards
>
--
Ron Aitchison
www.zytrax.com
ZYTRAX ron(a)zytrax.com
tel: 514-315-4296
Suite 22
6201 Chemin Cote St. Luc
Hampstead QC H3X 2H2 Canada
Author: Pro DNS and BIND (Apress) ISBN 1-59059-494-0