Red Hat Directory Server search changing

Hi,

Please let me know if it is possible to restrict the directory service to allow anonymous search of the directory users but disable enumeration (listing) of all the users in the directory.

We have an existing setup and I am not an expert on this product.


Regards,

Ben

Responses

You can set anonymous-specific limits. For example:

Create a template entry to specify limits for anonymous.

dn: cn=anonymous-limits,dc=example,dc=com
objectClass: top
objectClass: nscontainer
nsslapd-sizelimit: 50

Then set nsslapd-anonlimitsdn (under cn=config) to the above template entry:

nsslapd-anonlimitsdn: cn=anonymous-limits,dc=example,dc=com

With the above configuration, the maximum number of entries returned for an anonymous query would be 50.

Refer to: https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Directory_Server/8.2/html/Configuration_and_Command-Line_Tool_Reference/Core_Server_Configuration_Reference.html (check section 3.1.1.20, nsslapd-anonlimitsdn)

Hope this helps.
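
A way to check the result of this configuration, as an added example that is not part of the original thread: the script counts the entries an anonymous search returns and fails if more than the configured limit come back. It assumes the OpenLDAP ldapsearch client and its output format; the host name, the function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): confirm that an anonymous search is
# capped by the limit set through nsslapd-anonlimitsdn (50 in the answer above).
# Assumption: OpenLDAP ldapsearch client and its LDIF-style output.

# Unauthenticated subtree search. $1 = host (placeholder), $2 = base DN.
# -x with no bind DN or password is an anonymous bind; "1.1" asks for no attributes.
anon_search() {
    ldapsearch -x -H "ldap://$1" -b "$2" -s sub '(objectClass=*)' 1.1
}

# Read ldapsearch output on stdin. Exit 0 if at most $1 entries were returned,
# 1 if the cap was exceeded, 2 if the search never produced a result line.
check_anon_limit() {
    awk -v limit="$1" '
        /^dn:/      { entries++ }
        /^result: / { code = $2 }
        END {
            if (code == "") { print "FAIL: no result line"; exit 2 }
            if (entries > limit) {
                printf "FAIL: %d entries returned, limit %d\n", entries, limit
                exit 1
            }
            if (code == 4) {
                printf "OK: capped at %d entries (sizeLimitExceeded)\n", entries
            } else {
                printf "OK: %d entries, result code %d\n", entries, code
            }
        }'
}

# Constructed sample of ldapsearch output: $1 entries, then result line $2.
sample_output() {
    i=1
    while [ "$i" -le "$1" ]; do
        printf 'dn: uid=user%d,ou=People,dc=example,dc=com\n\n' "$i"
        i=$((i + 1))
    done
    printf '# search result\nsearch: 2\nresult: %s\n' "$2"
}

# Offline demonstration on the constructed sample. Against a live server:
#   anon_search ldap.example.com dc=example,dc=com | check_anon_limit 50
sample_output 50 "4 Size limit exceeded" | check_anon_limit 50
```

Result code 4 (sizeLimitExceeded) together with an entry count at the limit shows the server truncated the anonymous result set rather than the directory simply being small.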