/etc/ldap/slapd.d/cn=config/cn=schema

• cn={2}nis.ldif wegbewegen
• rfc2307bis.ldif.txt runterladen, in “cn={2}rfc2307bis.ldif” umbenennen
• rechte korrigierren!
• service slapd restart

source: http://www.heinlein-support.de/blog/howto/ldap-und-unix-gruppen/ , korrekturen von https://debianforum.de/forum/viewtopic.php?f=32&t=151686

file content “frontend.ldif”:

dn: olcDatabase={-1}frontend,cn=config
add: olcRequires
olcRequires: authc

file content “backend.ldif”:

dn: olcDatabase={1}hdb,cn=config
add: olcRequires
olcRequires: authc

ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f frontend.ldif
ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f backend.ldif

Testen:

ldapsearch -x -LLL -H ldap:/// -b dc=domain,dc=com dn

Bei der Ausgabe von

Server is unwilling to perform (53)
Additional information: authentication required

hats geklappt

source: http://serverfault.com/questions/325912/disallow-global-anonymous-bind-with-cn-config/476429#476429