[Date Prev][Date Next]
Re: Securing cn=config
And this where is got interesting:
1. Access via ldap on the user DIT and on cn=monitor where both
inhibited and connections (rightly) refused whereas in both cases access
via ldaps was accepted.
2. I could bind anonymously to rootDSE and cn=subschema which I wanted
3. cn=config would accept either a ldap (389) or an ldaps (636)
connection. Apparently by-passing the security simple_bind=128 check.
How did you bind?
a. Is this expected?
b. is there a better way to do it?
c. Am I (more than likely) missing something? (on searching the archives
I saw a note from Quannah suggesting that he was using some sort of SASL
service to inhibit access).
Many thanks in advance for any help on this matter.
T +44 (0) 1224 279484
M +44 (0) 7930 323266
F +44 (0) 1224 824887
Open Source. Open Solutions(tm).