Differences

This shows you the differences between two versions of the page.

--- ldap [2015/05/25 00:02] – angelegt gevatter
+++ ldap [2016/03/20 23:42] (current) – external edit 127.0.0.1
@@ Line 1: / Line 1: @@
-====== rfc2307bis mit openldap ======
+===== rfc2307bis mit openldap =====
   /etc/ldap/slapd.d/cn=config/cn=schema
@@ Line 6: / Line 6: @@
   * {{:wiki:rfc2307bis.ldif.txt|}} runterladen, in "cn={2}rfc2307bis.ldif" umbenennen
   * rechte korrigierren!
-  * Listenpunkt
+  * service slapd restart
 source: http://www.heinlein-support.de/blog/howto/ldap-und-unix-gruppen/ , korrekturen von https://debianforum.de/forum/viewtopic.php?f=32&t=151686
+===== Anonymen Zugriff deaktivieren =====
+file content "frontend.ldif":
+  dn: olcDatabase={-1}frontend,cn=config
+  add: olcRequires
+  olcRequires: authc
+file content "backend.ldif":
+  dn: olcDatabase={1}hdb,cn=config
+  add: olcRequires
+  olcRequires: authc
+  ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f frontend.ldif
+  ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f backend.ldif
+Testen:
+  ldapsearch -x -LLL -H ldap:/// -b dc=domain,dc=com dn
+Bei der Ausgabe von
+  Server is unwilling to perform (53)
+  Additional information: authentication required
+hats geklappt
+source: http://serverfault.com/questions/325912/disallow-global-anonymous-bind-with-cn-config/476429#476429