Deactivating Anonymous LDAP Logins

Posted: 13 Apr 2005

A reader recently asked about deactivating anonymous LDAP logins:

"Is there a way to deactivate the anonymous LDAP login? I want only authorized users to have access to LDAP. This is to support our company policy."

And here are responses from two Forum experts:


Expert 1: ConsoleOne setup

Yes, you can. If you are running the 8.7.0.3 or higher version of eDirectory and have the LDAP Schema extensions installed, you can do this from ConsoleOne:

  1. Load ConsoleOne.
  2. Browse to your LDAP server object.
  3. Right-click Properties | Other tab.
  4. Click Attribute Add.
  5. Scroll to the ldapBindRestrictions attribute and click OK.
  6. To disable anonymous binds, put a value of 1 in the attribute value field. To allow such connections, put in a value of 0.
  7. Select Apply and click OK.

Expert 2: iManager setup

Yes. Here are the steps to follow from iManager:

  1. Log in to iManager as admin.
  2. Go to LDAP Overview (on left side, in LDAP section).
  3. Click the View LDAP Servers tab.
  4. Select the server to be edited.
  5. In the dropdown menu, choose Connections.
  6. In the section at the bottom called "Restrictions" there is a dropdown menu for Bind Restrictions. Change that to "Disallow anonymous simple bind" and click Apply.

That should do it. You'll have to repeat these steps for each LDAP server you want to restrict.



Information from the site http://www.djack.com.pl