Falko,

I do suggest you try the new directory administrator package as Buchan said. We want to be able to run openldap with as little configuration changes as possible.

thanks I should try it on Monday,
which security issues do you mean??

I'm not sure if there are security issues with these settings, but it does sound like it:

From slapd.conf(5) man page:

allow <features>
Specify a set of features (separated by white space) to allow
(default none). bind_v2 allows acceptance of LDAPv2 bind
requests. Note that slapd(8) does not truly implement LDAPv2
(RFC 1777), now Historic (RFC 3494). bind_anon_cred allows
anonymous bind when credentials are not empty (e.g. when DN is
empty). bind_anon_dn allows unauthenticated (anonymous) bind
when DN is not empty. update_anon allows unauthenticated (anonymous)
update operations to be processed (subject to access controls
and other administrative limits).

As you can see, some anonymous actions are allowed with these options. There may be cases where the information stored in the LDAP is to be kept confidential and you only want authenticated requests to be able to access it. My concern is that with these options: bind_anon_cred bind_anon_dn (not: bind_v2) information leakage may be possible.

I needed my LDAP to work again quickly (also using autofs) and this made it happen... If you copy these settings, I suggest you look into the *possible* consequences --> I won't accept responsibility if these settings lead to your LDAP server being opened up.

Regards,

Stefan


Regards

Falko

On Sat, 26 Jul 2003 01:49:31 +0200
Stefan van der Eijk <[EMAIL PROTECTED]> wrote:


Add the following line to the end of /etc/openldap/slapd.conf:
allow bind_anon_cred bind_anon_dn bind_v2
It works for me (I had the same issues) but there may be security consequences with this configuration.

Stefan
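As an added example that is not part of the thread, a small Python audit that reads a slapd.conf, collects the `allow`, `disallow` and `require` directives, and reports whether the anonymous-bind features discussed above are widened and whether anonymous binds are switched off at all. The two configurations are constructed for the example; the hardened one uses the `disallow bind_anon` and `require authc` directives from slapd.conf(5).

```python
"""Audit slapd.conf allow/disallow/require directives for anonymous-access exposure."""

# Constructed sample configs (not from any real server). The first contains the
# line suggested in the thread; the second keeps bind_v2 but shuts anonymous binds.
PERMISSIVE_CONF = """\
include /etc/openldap/schema/core.schema
# comment line
allow bind_anon_cred bind_anon_dn bind_v2
database bdb
suffix "dc=example,dc=com"
"""

HARDENED_CONF = """\
allow bind_v2
disallow bind_anon
require authc
database bdb
suffix "dc=example,dc=com"
"""

# 'allow' features from slapd.conf(5) that widen what unauthenticated clients may do.
ANON_FEATURES = {"bind_anon_cred", "bind_anon_dn", "update_anon"}


def parse_access_directives(conf_text):
    """Return {'allow': set, 'disallow': set, 'require': set} from a slapd.conf text.

    slapd.conf is line based: '#' lines are comments and a line starting with
    whitespace continues the previous directive, so those are joined first.
    """
    joined = []
    for raw in conf_text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and joined:
            joined[-1] += " " + raw.strip()
        else:
            joined.append(raw.strip())
    result = {"allow": set(), "disallow": set(), "require": set()}
    for line in joined:
        parts = line.split()
        if parts[0].lower() in result:
            result[parts[0].lower()].update(p.lower() for p in parts[1:])
    return result


def audit_anonymous_access(conf_text):
    """Return a list of findings; an empty list means nothing anonymous was widened."""
    d = parse_access_directives(conf_text)
    findings = [f"allow {f}: anonymous operations widened beyond the default"
                for f in sorted(d["allow"] & ANON_FEATURES)]
    if "bind_anon" not in d["disallow"] and "authc" not in d["require"]:
        findings.append("anonymous binds are not disabled (no 'disallow bind_anon' / 'require authc')")
    return findings
```

Run it against the real file with `audit_anonymous_access(open("/etc/openldap/slapd.conf").read())`; `bind_v2` alone produces no finding, matching the distinction made above.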
