Deactivating Anonymous LDAP Logins
Posted: 13 Apr 2005
A reader recently asked about deactivating anonymous LDAP logins:
"Is there a way to deactivate the anonymous LDAP login? I want only
authorized users to have access to LDAP. This is to support our company
policy."
And here are responses from two Forum experts:
Expert 1: ConsoleOne setup
Yes, you can. If you are running the 8.7.0.3 or higher version of eDirectory
and have the LDAP Schema extensions installed, you can do this from
ConsoleOne:
- Load ConsoleOne.
- Browse to your LDAP server object.
- Right-click Properties | Other tab.
- Click Attribute Add.
- Scroll to the ldapBindRestrictions attribute and click OK.
- To disable anonymous binds, put a value of 1 in the attribute value field.
To allow such connections, put in a value of 0.
- Select Apply and click OK.
Expert 2: iManager setup
Yes. Here are the steps to follow from iManager:
- Log in to iManager as admin.
- Go to LDAP Overview (on left side, in LDAP section).
- Click the View LDAP Servers tab.
- Select the server to be edited.
- In the dropdown menu, choose Connections.
- In the section at the bottom called "Restrictions" there is a dropdown
menu for Bind Restrictions. Change that to "Disallow anonymous simple bind"
and click Apply.
That should do it. You'll have to repeat these steps for each LDAP server you
want to restrict.