GAL Access Password?

[blaze]

Hi guys,

Just a question about something I have not been able to find up to now. When you open the LDAP port to allow GAL lookups in Thunderbird, you do not need to type in a username and the LDAP is running on a non-secure port. Is there an easy way to change these settings on the server so that users can access the port 636 (LDAPS) and are required to enter a password to do GAL lookups?

Many thanks,
Gary

[dwmtractor]

This is an identified issue. See this thread.
Restricting LDAP permissions

It's been registered as a bug, and you can add your vote or comments on bugzilla:
Bug 15378 - Obviate the need for and disallow LDAP anonymous binds

See also
Bug 16601 - Secure Access To LDAP

In other words, you're not the only one with this concern, and it will be addressed but is not fixed at this time.

In the meantime, is your concern having public access from the outside world, or also securing the GAL within your own network? If the former, firewalling the server and not permitting port 389 access except from the LAN will provide some level of security; then outside users would have to log into a VPN (or simply use the web client--ssl only--from outside) before accessing their mail. May not be ideal from your architecture but it will certainly work from a security perspective.

Cheers,

Dan

[blaze]

Hi Dan,

Many thanks for your response. I shall vote on the bug and notify our client of the current status.

Best regards,
Gary