Hi Michael
Based on the the ACL's I posted from my configuration, what else can you recommend to include, tweak or modify?

Thank you very much!

Regards

2014-10-27 15:40 GMT-03:00 Michael Ströder <michael@stroeder.com>:

Net Warrior wrote:
> Thanks for the answer, but, from the query I shown, you can see that the
> DIT is displayed "namingContexts: dc=domain,dc=com" and knowking that, I
> can make a ldapserch -x pointing tho the server and the base search for
> example and list all the domain users, isn't it a security concern? I
> tested it and it works, how can I create an access list to prevent this,
> disable the simple auth or disable those anonymous queries ?

Knowing namingContexts or not is not a matter of security.

Having decent ALCs in place to protect the entries beneath dc=domain,dc=com is.

Just locking down rootDSE does not help at all.

Ciao, Michael.