LDAP-NullBase Anonymous Access

Marty Henderson

There is a known LDAP "hole" which allows anonymous root query to any LDAP
server. (See http://xforce.iss.net/xforce/xfdb/1425) Is there a way, in a
Windows 2000 Server Active Directory domain, to plug LDAP null/anonymous
access? This is on a government contract installation and the security folks
are "nervous" about it, even if no real useful domain info is returned by
the query.

Thanks,

Marty Henderson
 
Robin Caron

I think that if you read the RFC you'll see that an LDAP-compliant directory
must allow anonymous access to this information.

For that reason there is no way to restrict access to this information with
Windows 2000.
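
The null-base query discussed in this thread returns the server's root DSE, the entry with an empty DN. The following is an added example, not part of the original posts: it parses LDIF captured from an anonymous search against your own server and separates the root DSE attributes from any other entries an anonymous client was able to read. The sample LDIF, host name and entry names are constructed for illustration.

```python
import base64

# Constructed sample: LDIF as an anonymous client might receive it. The first
# entry has an empty DN (the root DSE); the second is a directory object that
# an anonymous search ideally would not return. All names are made up.
SAMPLE_LDIF = """\
dn:
namingContexts: DC=example,DC=test
namingContexts: CN=Configuration,DC=example,DC=test
supportedLDAPVersion: 3
dnsHostName: dc01.example.test
supportedSASLMechanisms: GSSAPI

dn: CN=Jane Doe,CN=Users,
 DC=example,DC=test
description:: Y29uc3RydWN0ZWQgdmFsdWU=
"""

def parse_ldif(text):
    """Parse a subset of LDIF (RFC 2849) into a list of (dn, {attr: [values]})."""
    entries = []
    for block in text.strip().split("\n\n"):
        lines = []
        for raw in block.splitlines():
            if raw.startswith("#"):
                continue                      # comment line
            if raw.startswith(" ") and lines:
                lines[-1] += raw[1:]          # unfold a continuation line
            else:
                lines.append(raw)
        dn, attrs = None, {}
        for line in lines:
            name, _, rest = line.partition(":")
            if rest.startswith(":"):          # "attr:: <base64 value>"
                value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
            else:
                value = rest.strip()
            if name.lower() == "dn" and dn is None:
                dn = value
            else:
                attrs.setdefault(name, []).append(value)
        if dn is not None:
            entries.append((dn, attrs))
    return entries

def audit_anonymous_results(entries):
    """Split results into root DSE attributes and entries beyond the root DSE."""
    root = [attrs for dn, attrs in entries if dn == ""]
    beyond = [dn for dn, _ in entries if dn != ""]
    return {"root_dse_attrs": sorted(root[0]) if root else [], "beyond_root_dse": beyond}
```

An empty `beyond_root_dse` list means the anonymous client saw only the root DSE; any DN listed there is an object whose access control should be reviewed.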
 
