Thread: LDAP Security ?

  1. #1
    raj
    raj is offline Moderator
    Join Date
    Oct 2005
    Location
    USA, Canada and India
    Posts
    777
    Rep Power
    10

    LDAP Security ?

    The question is about why the LDAP server allows “Anonymous” access to all data.
    We don’t have a firewall, but even if we block the port, LDAP is still open to the INTERNAL NETWORK.
    Why is the default setting of Zimbra “Anonymous” access to all LDAP data?

    Problem:
    1) Download any LDAP Explorer tool (e.g. the Windows .NET tool ASP-DEv XM LDAP Explorer http://www.asp-dev.com/main.asp?page=200 )
    2) Only put in the INTERNAL or EXTERNAL IP of the Zimbra LDAP server (no username or password) and you can access all LDAP data and usernames

    How can we enable AUTH in LDAP so no data is visible through “Anonymous” access from any network, internal or external?

    Can anyone confirm this behavior, and what can we do to stop this to make it more secure?

    Thanks
    Raj

  2. #2
    LucD is offline Starter Member
    Join Date
    Jan 2007
    Location
    Zurich, Switzerland
    Posts
    1
    Rep Power
    8

    I can confirm this (mis)behaviour.

    It would be great to keep the LDAP server listening on a public interface and restrict access to authenticated users, with browsing restricted to the GAL of the user's domain/organization. This would allow users of Thunderbird and other LDAP-enabled MUAs to use the GAL.

    Unfortunately I'm not an LDAP guru.

    If someone has a cookbook for that issue, please post it here.

    Thanks,

    Luc

  3. #3
    phoenix is online now Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,484
    Rep Power
    56

    If you consider this behaviour to be a problem, then file an RFE in bugzilla.
    Regards


    Bill

  4. #4
    jholder is offline Former Zimbran
    Join Date
    Oct 2005
    Location
    Thatcher, AZ
    Posts
    5,606
    Rep Power
    20

    We're currently investigating, and will have a followup soon.

  5. #5
    jholder is offline Former Zimbran
    Join Date
    Oct 2005
    Location
    Thatcher, AZ
    Posts
    5,606
    Rep Power
    20

    It is open for browsing the email address book.
    You can use ipchains to restrict/firewall on the zimbra box.
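
The firewall approach suggested in the last reply, expressed with iptables (the successor to ipchains), as an added example that is not part of the thread or of Zimbra's own tooling. The function only prints the rules for review; port 389 and the sample addresses are assumptions.

```shell
#!/bin/sh
# Added example: emit (do not apply) iptables rules that limit LDAP to an allow-list.
# LDAP_PORT and the sample addresses below are assumptions, not values from the thread.
LDAP_PORT=389

# Accept only an IPv4 dotted-quad shape with an optional /prefix, so nothing
# else can end up inside a generated command line.
valid_source() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$'
}

# Usage: ldap_fw_rules SOURCE...
# Prints one ACCEPT rule per source, then a final DROP for everyone else.
# Returns 1 and prints no rules if any source is malformed.
ldap_fw_rules() {
    for src in "$@"; do
        if ! valid_source "$src"; then
            echo "rejecting malformed source: $src" >&2
            return 1
        fi
    done
    # Loopback first: services on the box itself reach LDAP over lo.
    echo "iptables -A INPUT -i lo -p tcp --dport $LDAP_PORT -j ACCEPT"
    for src in "$@"; do
        echo "iptables -A INPUT -p tcp -s $src --dport $LDAP_PORT -j ACCEPT"
    done
    # Appended last so it only matches traffic no ACCEPT rule claimed.
    echo "iptables -A INPUT -p tcp --dport $LDAP_PORT -j DROP"
}

# Constructed sample: one admin host and one internal subnet.
ldap_fw_rules 192.0.2.10 10.0.0.0/24
```

These rules limit who can reach the port; they do not change what an anonymous bind can read once a connection is allowed.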
