
Disable NULL BASE queries



Greetings All,
 
I am running a standalone, non-replicated instance of OpenLDAP v 2.1.22 on a Sun E250 server with Solaris 2.8 installed.  Currently the box is being used for testing purposes.  My problem is as follows:
 
We are running the slapd instance in our corporate extranet.  Subsequent security scans by an independent security contractor have detected what is described as a security hole in our LDAP server.  The exact verbiage of their report is:

> Improperly configured LDAP servers will allow the directory BASE to be set to NULL. This allows information to be culled without any prior knowledge of the directory structure. Coupled with a NULL BIND, an anonymous user can query your LDAP server using a tool such as "LdapMiner"
>
> Solution: Disable NULL BASE queries on your LDAP server
>
> Risk factor : Medium

I have disabled NULL binds but can't find any documentation outlining how to "Disable NULL BASE queries" on this server.  Anyone have any ideas?  We want to be able to use OpenLDAP but if I can't figure this problem out we may need to use another product.
 
Thanks,
 
Shawn
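
The two conditions the scanner report names, seen at the wire level, as an added example that is not part of the original post: a Python classifier that flags an anonymous simple bind (empty name, empty password) and a search whose baseObject is zero-length, following the RFC 4511 BER encoding. The helper names (`read_tlv`, `classify`, `tlv`, `search_request`) and the sample messages are constructed for illustration.

```python
SCOPES = {0: "base", 1: "one", 2: "sub"}

def read_tlv(buf, pos=0):
    """Decode one definite-length BER TLV; return (tag, value, next_pos)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long form: low 7 bits count the length octets
        n = length & 0x7F
        if n == 0:
            raise ValueError("indefinite length is not allowed in LDAP")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated TLV")
    return tag, buf[pos:pos + length], pos + length

def classify(message):
    """Label one LDAPMessage PDU with the scanner report's terms."""
    tag, body, _ = read_tlv(message)        # LDAPMessage ::= SEQUENCE
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, _, pos = read_tlv(body)              # messageID
    op_tag, op, _ = read_tlv(body, pos)     # protocolOp
    if op_tag == 0x60:                      # BindRequest [APPLICATION 0]
        _, _, p = read_tlv(op)              # version
        _, name, p = read_tlv(op, p)        # name (bind DN)
        auth_tag, cred, _ = read_tlv(op, p) # 0x80 = simple password
        anonymous = name == b"" and auth_tag == 0x80 and cred == b""
        return "null-bind" if anonymous else "bind"
    if op_tag == 0x63:                      # SearchRequest [APPLICATION 3]
        _, base, p = read_tlv(op)           # baseObject
        _, scope, _ = read_tlv(op, p)       # scope ENUMERATED
        if base == b"":
            return "null-base-search/" + SCOPES.get(scope[0], "?")
        return "search"
    return "other"

# Constructed sample PDUs (short-form lengths only), not captured traffic.
def tlv(tag, value=b""):
    return bytes([tag, len(value)]) + value

def search_request(base, scope):
    zero = b"\x00"
    body = (tlv(0x04, base) + tlv(0x0A, bytes([scope])) + tlv(0x0A, zero)
            + tlv(0x02, zero) + tlv(0x02, zero) + tlv(0x01, zero)
            + tlv(0x87, b"objectClass") + tlv(0x30))
    return tlv(0x30, tlv(0x02, b"\x02") + tlv(0x63, body))

NULL_BIND = tlv(0x30, tlv(0x02, b"\x01") + tlv(0x60, tlv(0x02, b"\x03") + tlv(0x04) + tlv(0x80)))
```

A zero-length base with scope `base` addresses the server's root DSE; the classifier reports the scope so that such a read can be told apart from a one-level or subtree search issued with the same empty base.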