Restricting LDAP permissions

**davidfraser** · 01-11-2008, 07:39 AM

I want to enable people to use LDAP to access their contacts from mail clients.
I would prefer if this information were not made public though... so I want to require authentication.

But Zimbra seems to use LDAP internally without authentication, and adding "require authc" to slapd.conf seems to stop mail sending etc from working

LDAP Security ? suggests blocking access to LDAP with the firewall but then people can't use it externally at all

Is there any way to configure openldap to do this or should I be filing something in bugzilla?

**quanah** · 01-11-2008, 11:32 PM

A bug for this already exists:

Bug 15378 - Obviate the need for and disallow LDAP anonymous binds

It is not currently resolved. You can with 5.0.0 and up work on disabling anonymous access to most things by manually customizing the ACLs. I think what you are really trying to do is also tied in with:

Bug 16601 - Secure Access To LDAP

So you have secure connections without anonymous binds.

**davidfraser** · 02-06-2008, 11:26 PM

Yay, voted for the bugs and waiting for the switch to make it into the 5.0 series - will be much easier than trying to patch all the LDAP config myself. Thanks for the feedback...

Zimbra

Thread: Restricting LDAP permissions

LinkBack

Thread Tools

Search Thread

Display

Restricting LDAP permissions

Thanks

Thread Information

Users Browsing this Thread

Similar Threads

Zimbra Install Problem - getDirectContext

3 testing: LDAP: 389 Failed when restore zimbra

Mac OSX install: Java errors & LDAP CA error

Can't get ride of Initializing ldap...FAILED (256) error

MTA is Dying after yum update

Posting Permissions