
[no subject]



Hello! I use internet scanner to scan my OpenLDAP system, and it finds several security bugs.
1. Using a NULL bind entry can result in anonymous access.
2. cn=monitor can get some information from the system.
3. cn=config can get some information from the system.

The ACL in my system configuration is as follows:

defaultaccess none

access to  attr=userPassword
        by self compare
        by group="cn=admin,ou=Groups,dc=compnay,dc=net" write
        by * none


access to *
        by self read
        by group="cn=admin,ou=Groups,dc=company,dc=net" write
        by * none

I want to know how I can close these features.
I can't find any useful information in the OpenLDAP administration and FAQ. So please help me.