s4 anonymous LDAP binds
lukas at dcs.qmul.ac.uk
Mon Jul 5 10:35:28 MDT 2010
I have noticed that s4 (func level 2008) allows anonymous ldap binds by
ldapsearch -x -h my.s4.host -b my.base.dn CN=username
prints quite a lot of information about username
I was under the impression that the anonymous binds are not allowed
The document also includes information on how to enable them -
dsHeuristics attribute mentioned in the above article does not seem to
be defined by default (which should default to 0's across the board i
believe?) so the anonymous binds should not be allowed.
Am I missing or doing something wrong?
What shall one change in order to disable them?
More information about the samba-technical