Overview

This page describes how to protect the Directory Server (DS) from anonymous access.

Manual Procedure

Edit the DS configuration to disable anonymous binds:

$ ldapmodify -x -D "cn=Directory manager" -w Secret.123
dn: cn=config
changetype: modify
replace: nsslapd-allow-anonymous-access
nsslapd-allow-anonymous-access: off

Restart the DS:

$ systemctl restart dirsrv@pki-tomcat.service

Verify with the following command:

$ ldapsearch -x -b "" -s base
ldap_bind: Inappropriate authentication (48)
        additional info: Anonymous access is not allowed
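
The verification step can give a false pass if it only checks that the search failed, since an unreachable server also makes ldapsearch fail. The following is an added example, not part of the original page or of DS itself: it classifies the result so that only the rejection shown above counts as success. The function names `classify_anon_result` and `check_anon_access` are hypothetical, and the sample text is constructed from the output above.

```shell
#!/bin/sh
# Added example: helper names are hypothetical, not part of DS or this page.

# Constructed sample: the rejection output shown in the verification step.
SAMPLE_REJECTED='ldap_bind: Inappropriate authentication (48)
        additional info: Anonymous access is not allowed'

# classify_anon_result STATUS OUTPUT
#   disabled     - server answered and refused the anonymous bind (result 48)
#   allowed      - the anonymous search succeeded
#   inconclusive - any other failure, e.g. the server could not be reached
classify_anon_result() {
    status=$1
    output=$2
    if [ "$status" -eq 0 ]; then
        echo allowed
    elif printf '%s\n' "$output" | grep -Fq 'Inappropriate authentication (48)'; then
        echo disabled
    else
        echo inconclusive
    fi
}

# check_anon_access [URI]
# Runs the page's verification command (optionally against URI) and
# classifies the outcome. The exit status is captured with "|| status=$?"
# so the function also works under "set -e".
check_anon_access() {
    uri=${1:-}
    status=0
    output=$(ldapsearch -x ${uri:+-H "$uri"} -b "" -s base 2>&1) || status=$?
    classify_anon_result "$status" "$output"
}
```

Run `check_anon_access` after the restart and treat any result other than `disabled` as a failed check.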
