
Anonymous bind allowed when configured not to.



Good Morning,

I was recently made aware of a problem with my OpenLDAP 2.4.26 and
2.4.28 servers.

I have configured each server to disallow anony using the below directive.

### Disable anony
disallow bind_anon

This works great for Softerra LDAP Administrator, and the ldapsearch
command (Linux).

$ ldapsearch -x -H ldaps://openldap.example.com -b "ou=peoples,dc=example,dc=com" "(uid=someuser)"
ldap_bind: Inappropriate authentication (48)
        additional info: anonymous bind disallowed

However, when I use JXplorer (http://jxplorer.org/) it not only allows
the bind, but allows the search. Right now the ACL is set for "by
anonymous read", but shouldn't the disallow directive even prevent the
connection?

I'm working on getting some debug logs, but if anyone has experienced
this, please let me know. Thanks.

Kyle Smith
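
Added example, not part of the original message: slapd.conf(5) notes that `disallow bind_anon` only refuses anonymous Bind requests and does not prohibit anonymous directory access (see `require authc`). The Python below audits a slapd.conf for that combination together with ACLs that grant `anonymous` access; the sample configuration, including its `database`, `suffix` and `access` lines, is constructed.

```python
import re

# Constructed sample: the post's directive plus an ACL of the kind it mentions.
SAMPLE_CONF = """\
### Disable anony
disallow bind_anon

database bdb
suffix "dc=example,dc=com"
access to *
    by anonymous read
    by * none
"""

# "require" conditions that demand authentication before directory operations.
AUTH_CONDITIONS = {"authc", "bind", "sasl", "strong"}
# ACL clauses giving anonymous more than none/disclose/auth.
ANON_GRANT = re.compile(r"\bby\s+anonymous\s+(?!none\b|disclose\b|auth\b)\S+", re.I)

def logical_lines(text):
    """Join continuation lines (leading whitespace), then drop comments."""
    joined = []
    for raw in text.splitlines():
        if not raw.strip():
            continue
        if raw[0] in " \t" and joined:
            joined[-1] += " " + raw.strip()
        else:
            joined.append(raw.strip())
    return [line for line in joined if not line.startswith("#")]

def audit(text):
    """Return (gap, anon_acls). Simplification: global and per-database
    directives are merged rather than tracked per database."""
    disallow, require, anon_acls = set(), set(), []
    for line in logical_lines(text):
        words = line.split()
        key = words[0].lower()
        if key == "disallow":
            disallow.update(w.lower() for w in words[1:])
        elif key == "require":
            require.update(w.lower() for w in words[1:])
        elif key == "access" and ANON_GRANT.search(line):
            anon_acls.append(line)
    # Anonymous Binds refused, yet nothing requires authentication first.
    gap = "bind_anon" in disallow and not (require & AUTH_CONDITIONS)
    return gap, anon_acls

if __name__ == "__main__":
    gap, acls = audit(SAMPLE_CONF)
    print("unauthenticated operations still possible:", gap)
    for acl in acls:
        print("ACL grants anonymous access:", acl)
```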