Thread: LDAP anonymous binds dangerous?

  1. #1
    Join Date
    Sep 2009
    Location
    Alverca do Ribatejo, Portugal
    Posts
    53

    LDAP anonymous binds dangerous?

    Hi all!

    I've configured a server to use LDAP authentication and checking the LDAP server configuration I disabled the acceptance of anonymous Bind Requests.

    Once I did this, KDE started asking for LDAP credentials (like a login), so I suppose it's using anonymous Bind Requests to retrieve information from the server.

    I find that window requesting LDAP credentials a bit annoying but at the same time I'd like to avoid anonymous Bind Requests.

    Do you think it's OK to allow them?

    Best regards,
    Jorge

  2. #2
    Join Date
    Oct 2008
    Location
    Birmingham. AL
    Posts
    858

    Re: LDAP anonymous binds dangerous?

    That depends on your networking environment. You didn't provide many details.

  3. #3
    Join Date
    Sep 2009
    Location
    Alverca do Ribatejo, Portugal
    Posts
    53

    Re: LDAP anonymous binds dangerous?

    Hi, smpoole7! Thanks for answering.

    You're right, I didn't give many details, sorry.

    In fact it's a server in a small network and LDAP is being used locally only (local authentication on the system, ftp authentication and web site access authentication). LDAP ports are closed on the firewall and they're not forwarded on the router.

    I don't foresee any need to access the LDAP directory from outside, so I believe the ports will remain closed.

    Best regards,
    Jorge

  4. #4

    Re: LDAP anonymous binds dangerous?

    If you add TLS there should be less of a possibility that a MITM is recording the session.

  5. #5
    Join Date
    Sep 2009
    Location
    Alverca do Ribatejo, Portugal
    Posts
    53

    Re: LDAP anonymous binds dangerous?

    Hi jengelh!

    Thanks for your reply.

    OK, in that case I think there's no reason to worry too much, because I have indeed configured TLS.

    There's one thing, though, that keeps me puzzled. If I uncheck the LDAP option on the YAST LDAP server (leaving the LDAPS checked), even if I tell the YAST LDAP client to connect using TLS, it'll say that it cannot connect! Any idea?

    Best regards,
    Jorge
