/etc/ldap/slapd.d/cn=config/cn=schema
source: http://www.heinlein-support.de/blog/howto/ldap-und-unix-gruppen/ , corrections from https://debianforum.de/forum/viewtopic.php?f=32&t=151686
file content “frontend.ldif”:
dn: olcDatabase={-1}frontend,cn=config
add: olcRequires
olcRequires: authc
file content “backend.ldif”:
dn: olcDatabase={1}hdb,cn=config
add: olcRequires
olcRequires: authc
ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f frontend.ldif
ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f backend.ldif
Test:
ldapsearch -x -LLL -H ldap:/// -b dc=domain,dc=com dn
If the output is
Server is unwilling to perform (53)
Additional information: authentication required
it worked.
source: http://serverfault.com/questions/325912/disallow-global-anonymous-bind-with-cn-config/476429#476429
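Added example (not from the sources linked on this page): a shell check that reads a cn=config dump and lists every olcDatabase entry that still lacks olcRequires: authc, which shows at a glance whether both LDIF files above were applied. The sample dump is constructed, and the function names sample_config and missing_authc are this example's own.

```shell
#!/bin/sh
# Audit a cn=config LDIF dump for database entries without "olcRequires: authc".
# On a live server the dump can be piped in, for example:
#   ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=config | missing_authc

# Constructed sample: frontend.ldif was applied, backend.ldif was not.
sample_config() {
cat <<'EOF'
dn: cn=config
objectClass: olcGlobal

dn: olcDatabase={-1}frontend,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {-1}frontend
olcRequires: authc

dn: olcDatabase={1}hdb,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {1}hdb
olcSuffix: dc=domain,dc=com
EOF
}

# Read LDIF on stdin (entries separated by blank lines) and print the DN of
# each olcDatabase entry that has no olcRequires value containing "authc".
# Attribute names are matched case-insensitively.
missing_authc() {
  awk '
    function emit() {
      if (dn != "" && !ok) print dn
      dn = ""; ok = 0
    }
    /^$/ { emit(); next }
    tolower($0) ~ /^dn: olcdatabase=/ { dn = substr($0, 5); next }
    tolower($0) ~ /^olcrequires:/ && tolower($0) ~ /authc/ { ok = 1 }
    END { emit() }
  '
}

# Stand-alone run on the constructed sample.
sample_config | missing_authc
```

A dump from a real server also contains olcDatabase={0}config, which this check reports like any other database entry.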