Chapter 36. Disabling Anonymous Binds
- Change the
$ ldapmodify -x -D "cn=Directory Manager" -W -h server.example.com -p 389 -ZZ
Enter LDAP Password:
dn: cn=config
changetype: modify
replace: nsslapd-allow-anonymous-access
nsslapd-allow-anonymous-access: rootdse

modifying entry "cn=config"
Important: Anonymous access can be completely allowed (on) or completely blocked (off). However, completely blocking anonymous access also blocks external clients from checking the server configuration. LDAP and web clients are not necessarily domain clients, so they connect anonymously to read the root DSE file to get connection information.
The rootdse setting allows access to the root DSE and server configuration without any access to the directory data.
- Restart the 389 Directory Server instance to load the new setting.
# systemctl restart dirsrv.target
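
A check for the procedure above, as an added example that is not part of the original documentation: it compares the configured nsslapd-allow-anonymous-access value with what an unauthenticated client is actually allowed to do. The function names, the script name check-anon.sh and the HOST/SUFFIX arguments are assumptions, and it relies on the OpenLDAP ldapsearch client.

```shell
#!/bin/sh
# Added example (not from the original page). Assumes OpenLDAP client tools.
LDAPSEARCH=${LDAPSEARCH:-ldapsearch}   # overridable, so the logic can be tested with a stub

# Print the configured value from cn=config LDIF on stdin.
# Attribute names are case-insensitive; if the attribute is absent the
# 389 Directory Server default ("on") applies.
anon_setting() {
    awk -F': *' '
        tolower($1) == "nsslapd-allow-anonymous-access" {
            v = tolower($2); sub(/[ \t\r]+$/, "", v)
        }
        END { print (v == "" ? "on" : v) }'
}

# Observe what an unauthenticated client actually gets. Prints:
#   on      - root DSE and a directory search are both accepted
#             (ACIs still decide which entries are returned)
#   rootdse - root DSE is readable, the directory search is refused
#   off     - even the root DSE is refused (also printed if the host is unreachable)
# SUFFIX must be an existing naming context, otherwise the second search
# fails for an unrelated reason.
probe_anon() {
    host=$1; suffix=$2
    if ! $LDAPSEARCH -x -LLL -H "ldap://$host" -b "" -s base namingContexts >/dev/null 2>&1; then
        echo off; return 0
    fi
    if $LDAPSEARCH -x -LLL -H "ldap://$host" -b "$suffix" -s base dn >/dev/null 2>&1; then
        echo on
    else
        echo rootdse
    fi
}

# Compare configuration with behaviour. A mismatch right after the change
# can mean the instance has not been restarted to load the new setting.
verify_anon() {
    want=$(anon_setting)
    got=$(probe_anon "$1" "$2")
    if [ "$want" != "$got" ]; then
        echo "MISMATCH: configured=$want observed=$got" >&2
        return 1
    fi
    echo "OK: anonymous access is '$got'"
}

# Usage: ldapsearch ... -b cn=config -s base | sh check-anon.sh HOST SUFFIX
if [ $# -ge 2 ]; then verify_anon "$1" "$2"; fi
```

Feed it the cn=config entry read as Directory Manager; a non-zero exit status means the running server does not behave the way the stored configuration says it should.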