[Samba] samba4 anonymous ldap search

Rowland Penny rowlandpenny at googlemail.com
Fri Jan 17 07:47:26 MST 2014


On 17/01/14 13:49, mourik jan heupink wrote:
> Hi,
>
> I found some discussion here in 2010 about allowing/disallowing 
> anonymous ldap access in samba4, however, nothing much recent comes up.
>
> I see that my samba4 does not allow anonymous access. Is there a way 
> to enable it in samba4, like the way we had it with samba3/openldap?
>
> (we restricted access to sensitive info, but allowed anon search 
> access to many user details like mail addresses, etc, etc)
>
> Regards,
> MJ
Hi, whilst you cannot do anonymous access, what your users can do is 
read the entire AD database:

  ldapsearch -x -H ldap://dc.example.com:389 -b DC=example,DC=com \
    -D CN=username,CN=Users,DC=example,DC=com -w usernames-password

This is from a Linux machine, but no doubt it is possible to do 
something similar from a Windows box.

Rowland

