28.3. Disabling Anonymous Binds
- Change the nsslapd-allow-anonymous-access attribute in the cn=config entry:

    ldapmodify -x -D "cn=Directory Manager" -W -h server.example.com -p 389
    Enter LDAP Password:
    dn: cn=config
    changetype: modify
    replace: nsslapd-allow-anonymous-access
    nsslapd-allow-anonymous-access: rootdse
  Important: Anonymous access can be completely allowed (on) or completely blocked (off). However, completely blocking anonymous access also blocks external clients from checking the server configuration. LDAP and web clients are not necessarily domain clients, so they connect anonymously to read the root DSE to get connection information. The rootdse value allows access to the root DSE and server configuration without any access to the directory data.
- Restart the 389 Directory Server instance to load the new setting.
    service dirsrv restart
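A small audit helper, added here and not part of the Red Hat documentation, that reads an LDIF export of the cn=config entry, reports which anonymous-access mode is set, and builds the ldapmodify input for a chosen mode. The LDIF sample is constructed; the ldapsearch command shape named in the docstring is an assumption.

```python
"""Audit the 389 Directory Server anonymous-bind setting from an LDIF dump of cn=config.

Input is the kind of LDIF produced by (assumed command shape):
  ldapsearch -LLL -D "cn=Directory Manager" -W -b cn=config nsslapd-allow-anonymous-access
"""
import base64

ATTR = "nsslapd-allow-anonymous-access"
# Meaning of each value, as described in the section above.
MODES = {
    "on": "anonymous clients can read the root DSE and directory data",
    "off": "anonymous binds are rejected, including root DSE reads",
    "rootdse": "anonymous clients can read only the root DSE, not directory data",
}

def parse_ldif_entry(text):
    """Return {attr: [values]} for one LDIF entry, unfolding continuation lines
    (leading space) and decoding base64 ('attr:: ...') values; comments are skipped."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith("#"):
            continue
        if raw.startswith(" ") and lines:      # folded continuation line
            lines[-1] += raw[1:]
        elif raw.strip():
            lines.append(raw)
    entry = {}
    for line in lines:
        name, _, value = line.partition(":")
        if value.startswith(":"):              # 'attr:: base64value'
            value = base64.b64decode(value[1:].strip()).decode()
        entry.setdefault(name.strip().lower(), []).append(value.strip())
    return entry

def anonymous_access_mode(ldif_text):
    """Return 'on', 'off' or 'rootdse', or None when the attribute is absent
    (the server default then applies and should be reviewed explicitly)."""
    values = parse_ldif_entry(ldif_text).get(ATTR)
    if not values:
        return None
    mode = values[0].lower()
    if mode not in MODES:
        raise ValueError(f"unexpected {ATTR} value: {values[0]!r}")
    return mode

def modify_ldif(mode):
    """Build the ldapmodify input that sets the attribute to `mode`."""
    if mode not in MODES:
        raise ValueError(f"{mode!r} is not one of {sorted(MODES)}")
    return f"dn: cn=config\nchangetype: modify\nreplace: {ATTR}\n{ATTR}: {mode}\n"

# Constructed sample dump: the value is folded across two lines, as LDIF allows.
SAMPLE_CONFIG = "dn: cn=config\ncn: config\nnsslapd-allow-anonymous-access: root\n dse\n"
```

Running `anonymous_access_mode(SAMPLE_CONFIG)` reports `rootdse`; a result of `on` on a production instance is the finding to act on with `modify_ldif("rootdse")`.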