
Thread: disable anonymous LDAP access

  1. #1
    sasha (Loyal Member)

    How to DISABLE anonymous bind/access to LDAP? I've tried a few things in slapd.conf but it doesn't work.

  2. #2
    jholder (Former Zimbran)

    You can use ipchains to restrict/firewall on the zimbra box.
    It's open for browsing email address book.

  3. #3
    sasha (Loyal Member)

    Thanks. Unfortunately this is not an option because we want external AUTHORIZED NON-ANONYMOUS bind to still be available.

  4. #4
    sasha (Loyal Member)

    That is, we can't use the firewall ... is there not a way to change the config in slapd.conf or ldap.conf? It appears no one has figured this out yet, which is kind of odd.

  5. #5
    kibo (Intermediate Member)

    Well, I also had this issue for a long time. I resorted to using a firewall to block outside access and pass internal IPs. I first wanted to assign another internal IP to the server so that local users can access and block outsiders based on that. But OpenLDAP only listens on one IP and I couldn't figure out how to make it listen on other IPs as well. So I ended up doing a special routing for local IPs on the router plus the firewall to prevent connections from Internet. Kind of messy, but works.

  6. #6
    sasha (Loyal Member)

    Kibo, I am sorry but I just said that firewall is not an option for me. I need external access (but authenticated access). If anyone has figured out how to modify the config files for ldap, please let me know.

  7. #7
    phoenix (Zimbra Consultant & Moderator)

    As far as I know it's anonymous bind only at the moment. I'd suggest you search bugzilla for any relevant feature requests, if there isn't one then file an entry and vote on it.
    Regards


    Bill

  8. #8
    sasha (Loyal Member)

    OK, but does anyone have an explanation why and how this is the case? I mean OpenLDAP should be separate from zimbra itself and the config file should be modifiable (although I have had no luck).

  9. #9
    phoenix (Zimbra Consultant & Moderator)

    No, it's not separate from Zimbra - it's part of the package that is Zimbra. It's there and anonymous so we can get at the details that Zimbra stores in it.

    Did you vote for the bug in bugzilla? You can also add your comments to it as well.
    Regards


    Bill

  10. #10
    sasha (Loyal Member)

    OK, so you locked in anonymous LDAP somehow ... some trick. I will get to bugzilla eventually this week but I think it is pretty obvious that anonymous LDAP should be allowed to be disabled.

    In your zimbra code, you are asking for data anonymously instead of binding with username and password ... that's just lazy code and has nothing to do with necessity.

    And I have searched this forum and everybody's questions on this issue HAVE NOT BEEN ANSWERED OR EXPLAINED. And this has been going for who knows how many years. Finally we get to hear from someone that it is simply NOT POSSIBLE. The reason is still not divulged however except that it doesn't take a genius that it is LAZY CODE.
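
The thread never shows how to confirm whether a server accepts an anonymous bind, so here is an added example that is not part of the thread or of Zimbra's code: it builds the LDAPv3 anonymous simple bind from RFC 4511 and decodes the server's BindResponse. The function names and the two sample responses are constructed for illustration; `probe` is meant for a server you administer.

```python
import socket

def tlv(tag, value):
    """Encode one BER tag-length-value element (definite length)."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + value

def read_tlv(buf, pos):
    """Decode the element at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length

def anonymous_bind_request(message_id=1):
    """LDAPv3 simple bind with empty DN and empty password (message_id < 128)."""
    bind = tlv(0x02, b"\x03") + tlv(0x04, b"") + tlv(0x80, b"")
    return tlv(0x30, tlv(0x02, bytes([message_id])) + tlv(0x60, bind))

def bind_result(response):
    """Return (resultCode, diagnosticMessage) from a BindResponse."""
    tag, msg, _ = read_tlv(response, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, _, pos = read_tlv(msg, 0)           # skip messageID
    tag, op, _ = read_tlv(msg, pos)
    if tag != 0x61:
        raise ValueError("not a BindResponse")
    tag, code, pos = read_tlv(op, 0)       # resultCode (ENUMERATED)
    _, _, pos = read_tlv(op, pos)          # skip matchedDN
    _, diag, _ = read_tlv(op, pos)
    return int.from_bytes(code, "big"), diag.decode("utf-8", "replace")

def probe(host, port=389, timeout=5):
    """Send the anonymous bind to a server you administer."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(anonymous_bind_request())
        return bind_result(s.recv(4096))

# Constructed sample responses (not captured from a real server).
ACCEPTED = bytes.fromhex("300c02010161070a010004000400")
REFUSED = tlv(0x30, tlv(0x02, b"\x01") + tlv(0x61,
    tlv(0x0A, b"\x30") + tlv(0x04, b"") + tlv(0x04, b"anonymous bind disallowed")))
```

A resultCode of 0 means the server accepted the anonymous bind; 48 (inappropriateAuthentication) is the RFC 4511 code for a server that requires credentials. An accepted anonymous bind says nothing about which entries the server's ACLs then let that session read.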
