On Mon, 27 Oct 2014 15:30:49 -0300,
Net Warrior <netwarrior863(a)gmail.com> wrote:

> Thanks for the answer, but, from the query I showed, you can see that
> the DIT is displayed "namingContexts: dc=domain,dc=com" and knowing
> that, I can make a ldapsearch -x pointing to the server and the base
> search for example and list all the domain users, isn't it a
> security concern? I tested it and it works, how can I create an
> access list to prevent this, disable the simple auth or disable those
> anonymous queries?
> Thanks for your time and support.

If you allow an anonymous read access on a subtree, that in fact might
be a serious security issue, depending on the data.
You, or your management, should define a policy, WHO is allowed to do
WHAT on the directory's data. Based on this written and agreed policy,
access rules may be defined. These rules might be simple or paranoid,
but that is the art of directory management.
Dieter Klünter | Systemberatung
GPG Key ID: E9ED159B
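
An added example, not part of the original thread: one way to express a simple policy ("authenticated users may read, anonymous clients may only authenticate") as OpenLDAP configuration. It assumes the server uses cn=config and that the dc=domain,dc=com suffix lives in olcDatabase={1}mdb; the database DN and the policy itself are assumptions to adapt.

```ldif
# Added example. Apply as a cn=config administrator, for instance with:
#   ldapmodify -Y EXTERNAL -H ldapi:/// -f restrict-anonymous.ldif
# (the file name is arbitrary).

# 1. Refuse anonymous simple binds server-wide.
dn: cn=config
changetype: modify
add: olcDisallows
olcDisallows: bind_anon

# 2. Disabling anonymous binds alone does not stop unauthenticated
#    operations, so also require authentication in the frontend database.
dn: olcDatabase={-1}frontend,cn=config
changetype: modify
add: olcRequires
olcRequires: authc

# 3. Access rules for the data itself. The database DN is an assumption;
#    check yours with a search under cn=config for olcSuffix.
#    "replace" discards any existing olcAccess values on this database,
#    so merge in rules you still need (replication accounts, admins).
dn: olcDatabase={1}mdb,cn=config
changetype: modify
replace: olcAccess
# Passwords: owner may change, anonymous may only use them to bind.
olcAccess: {0}to attrs=userPassword
  by self write
  by anonymous auth
  by * none
# Everything under the suffix: readable by authenticated users only.
olcAccess: {1}to dn.subtree="dc=domain,dc=com"
  by users read
  by * none
```

After applying it, repeating the anonymous `ldapsearch -x` against the dc=domain,dc=com base should be refused instead of listing entries, while a search with `-D` and a valid bind DN still works.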