Then I suppose we will get around to changing this... eventually.
Originally Posted by sasha
Why? Am I missing something? See below.
I think it is pretty obvious that anonymous LDAP should be allowed to be disabled.
Ever heard of Windows 2000? It does the same thing. It got changed in 2003.
In your Zimbra code, you are asking for data anonymously instead of binding with username and password... that's just lazy code and has nothing to do with necessity.
I told you why in my first comment.
And I have searched this forum and everybody's questions on this issue HAVE NOT BEEN ANSWERED OR EXPLAINED. And this has been going for who knows how many years. Finally we get to hear from someone that it is simply NOT POSSIBLE. The reason is still not divulged however except that it doesn't take a genius that it is LAZY CODE.
If you truly feel like our code is LAZY, then we respectfully ask you to quit using it.
"Bind DN: specify a bind DN or leave it blank for anonymous bind"
- Fedora Directory server allows anon bind. Perhaps their code is lazy too. See: this post
"Clients authenticate to an LDAP server by attempting a bind operation. A connection between the client and the server is established if the bind is successful. As part of the bind request, the client chooses which authentication method it wants to use and supplies the credentials required by that method. If a method is not specified, credentials are not sent and the client is bound as an anonymous user."
- So does Solaris. From THEIR docs:
See: http://www.sun.com/blueprints/1200/ldap-security.pdf "This choice runs a small subsystem that allows you to add or delete LDAP servers from the list, but not change the settings on an existing one. To add our server, press "+" and answer the questions as they come up.
The default is fine for all other settings. Since we are only searching, we can leave binddn blank, for anonymous bind."
Hmm. O'Reilly, a well-established expert, didn't seem to have a problem with it.
So, don't come into OUR forums and tell us that OUR CODE is LAZY when Apple, Sun, and RedHat all allow the same thing!! That's just tacky, and quite honestly makes me very mad.
If you want the ability to change it, I suggest you file an enhancement.
Otherwise, this thread is locked, and you can pvt me directly with any concerns or questions.