[Date Prev][Date Next]
What attributes to authenticate (or) How to block the ldap tree for anonymous users
- To: email@example.com
- Subject: What attributes to authenticate (or) How to block the ldap tree for anonymous users
- From: Holger Schier <firstname.lastname@example.org>
- Date: Wed, 29 Sep 2010 14:28:34 +0200
- User-agent: Mozilla/5.0 (X11; U; Linux x86_64; de; rv:22.214.171.124) Gecko/20100714 SUSE/3.1.1 Lightning/1.0b2 Thunderbird/3.1.1
I am working with the LSEE 11 and trying to run a LDAP server. From
scratch on everything went fine. With the standard configuration I can
login, but if I use the LDAP Browser and hit anonymous access, I can see
my whole LDAP tree. User name, mailaddresses and so on. And I am not
happy with it.
So I tried to change the access control from
access to * by * read
access to * by * auth
access to * by * search
The user password is already in auth mode.
But with every other configuration instead of read, I cannot login
anymore. Insufficient access. After the first try with auth I read the
log files and saw that there is a search operation. So i switched to
search. Now the server denies some read operations.
So, my questions are: Is it just normal that anyone can see the LDAP
tree? Is there any other option to hide my tree? And what attributes
have to be readable to login?
Thanks a lot.