On Mon, 27 Oct 2014 15:30:49 -0300, Net Warrior netwarrior863@gmail.com wrote:
Thanks for the answer, but from the query I showed, you can see that the DIT is displayed "namingContexts: dc=domain,dc=com", and knowing that, I can make an ldapsearch -x pointing to the server and the base search, for example, and list all the domain users. Isn't it a security concern? I tested it and it works. How can I create an access list to prevent this, disable the simple auth or disable those anonymous queries?
Thanks for your time and support.
If you allow anonymous read access on a subtree, that in fact might be a serious security issue, depending on the data. You, or your management, should define a policy: WHO is allowed to do WHAT on the directory's data. Based on this written and agreed policy, access rules may be defined. These rules might be simple or paranoid, but that is the art of directory management.
-Dieter
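
As an illustration of turning such a policy into access rules (an added example, not part of the original thread): the LDIF below assumes an OpenLDAP server using cn=config, that the database holding dc=domain,dc=com is olcDatabase={1}mdb, and a constructed policy of "authenticated users may read, anonymous clients may only bind".

```ldif
# Added example; the database DN and the policy are assumptions.
# Find the real database DN first:
#   ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=config '(olcSuffix=*)' dn olcSuffix
#
# "replace" overwrites the whole olcAccess list of this database, so merge
# these rules with any existing ones (for example a local-root "manage" rule)
# before applying with: ldapmodify -Y EXTERNAL -H ldapi:/// -f acl.ldif
dn: olcDatabase={1}mdb,cn=config
changetype: modify
replace: olcAccess
# WHO may do WHAT on passwords: the owner may change it, anonymous clients
# may only use it to authenticate (needed for simple bind), nobody may read it.
olcAccess: {0}to attrs=userPassword
  by self write
  by anonymous auth
  by * none
# WHO may do WHAT on everything else in the subtree: authenticated users
# may read, everyone else (including anonymous) gets nothing.
olcAccess: {1}to dn.subtree="dc=domain,dc=com"
  by users read
  by * none
# Rules are evaluated in order and the first matching "to" clause wins,
# so the userPassword rule must stay ahead of the subtree rule.
#
# Check afterwards, from a client:
#   ldapsearch -x -H ldap://server -b dc=domain,dc=com          (no entries)
#   ldapsearch -x -H ldap://server -D <user dn> -W -b dc=domain,dc=com
```

These rules stop anonymous enumeration of the subtree; the root DSE, including namingContexts, is governed separately and normally stays readable so that clients can discover the server's suffixes.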