
What attributes to authenticate (or) How to block the ldap tree for anonymous users

Hey guys,

I am working with the LSEE 11 and trying to run an LDAP server. From scratch on everything went fine. With the standard configuration I can log in, but if I use the LDAP Browser and hit anonymous access, I can see my whole LDAP tree. User name, mail addresses and so on. And I am not happy with it.

So I tried to change the access control from
access to * by * read
access to * by * auth
access to * by * search

The user password is already in auth mode.

But with every other configuration instead of read, I cannot log in anymore. Insufficient access. After the first try with auth I read the log files and saw that there is a search operation. So I switched to search. Now the server denies some read operations.

So, my questions are: Is it just normal that anyone can see the LDAP tree? Is there any other option to hide my tree? And what attributes have to be readable to log in?

Thanks a lot.
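
Added example, not part of the original post: a slapd.conf access-control set that contrasts the `access to * by * read` rule from the message with rules that let anonymous clients authenticate without being able to browse the tree. It assumes OpenLDAP 2.4 slapd.conf syntax; under these rules a client that searches for the user's DN before binding needs a bind DN of its own for that lookup.

```conf
# Before (the rule from the post): every client, anonymous included,
# can read every entry and attribute.
#access to * by * read

# Rules are evaluated top-down. The first <what> that matches the target
# is used, and within it the first <who> that matches the client decides.
# Every access directive ends with an implicit "by * none".

# Root DSE and schema: many clients read these before binding.
access to dn.base=""
    by * read
access to dn.base="cn=Subschema"
    by * read

# Password attribute: the owner may change it, anonymous clients may only
# use it to authenticate (bind), and nobody may read it back.
access to attrs=userPassword
    by self write
    by anonymous auth
    by * none

# Everything else: the owner may edit the entry, authenticated users may
# read, and anonymous clients get nothing.
access to *
    by self write
    by users read
    by * none
```

Do not put a comment between a directive and its indented continuation lines: slapd.conf joins continuation lines before it strips comments, so the indented line would become part of the comment.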