s4 anonymous LDAP binds
Lukasz Zalewski
lukas at dcs.qmul.ac.uk
Mon Jul 5 10:35:28 MDT 2010
Hi all,
I have noticed that s4 (func level 2008) allows anonymous ldap binds by
default, i.e.
ldapsearch -x -h my.s4.host -b my.base.dn CN=username
prints quite a lot of information about username
I was under the impression that the anonymous binds are not allowed
(http://technet.microsoft.com/en-us/library/cc816788%28WS.10%29.aspx) -
The document also includes information on how to enable them -
dsHeuristics attribute mentioned in the above article does not seem to
be defined by default (which should default to 0's across the board i
believe?) so the anonymous binds should not be allowed.
Am I missing or doing something wrong?
What shall one change in order to disable them?
Many Thanks
Luk
More information about the samba-technical
mailing list