Hey folks, I would try to provide an LDIF file based on https://serverfault.com/a/476429 to disable the anonymous bind. But is there any shortcut (or better way) I did not find in the docs? If not, do you think it would make sense to implement a shortcut? I could imagine that many people are not aware that the anon bind is enabled by default, and if there were a shortcut in the docs, people would happily use it. Thanks for any input.
Replies: 2 comments
This script should help you to disable anonymous login. Any suggestions for improvements are welcome ❤️

```bash
#!/bin/bash
# Disable the anonymous bind/login enabled by default
# Based on https://serverfault.com/questions/325912/disallow-global-anonymous-bind-with-cn-config/476429#476429

# SETUP
CONTAINER_NAME_OPENLDAP=ldap

# Disable frontend anonymous login
# ">" rather than ">>": a re-run overwrites the LDIF instead of appending a second record.
# No changetype line is needed; ldapmodify defaults to "modify".
docker exec "${CONTAINER_NAME_OPENLDAP}" bash -c "cat <<EOT >/tmp/disable_anon_frontend.ldif
dn: olcDatabase={-1}frontend,cn=config
add: olcRequires
olcRequires: authc
EOT"
# -Y EXTERNAL over ldapi:/// authenticates as the local user inside the container
docker exec "${CONTAINER_NAME_OPENLDAP}" ldapmodify -Q -Y EXTERNAL -H 'ldapi:///' -f /tmp/disable_anon_frontend.ldif

# Disable backend anonymous login
docker exec "${CONTAINER_NAME_OPENLDAP}" bash -c "cat <<EOT >/tmp/disable_anon_backend.ldif
dn: olcDatabase={1}mdb,cn=config
add: olcRequires
olcRequires: authc
EOT"
docker exec "${CONTAINER_NAME_OPENLDAP}" ldapmodify -Q -Y EXTERNAL -H 'ldapi:///' -f /tmp/disable_anon_backend.ldif
```
https://github.com/tiredofit/docker-openldap/blob/master/CHANGELOG.md#724-2022-03-01-
Seems to be fixed for good now :) ❤️
This script should help you to disable anonymous login.
I am not an expert on LDAP LDIF scripts; please review before use.
Any suggestions for improvements are welcome ❤️
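
To confirm the change took effect, an anonymous probe can be classified by its LDAP result code. This is an added example, not part of the original thread; the function names, the sample outputs (constructed) and the assumption that slapd answers an unauthenticated operation with result 53 and "authentication required" once `olcRequires: authc` is set are mine.

```bash
# Added example: interpret an anonymous ldapsearch probe against slapd.
# OpenLDAP client tools exit with the LDAP result code of the failed operation.
# Assumption: slapd answers 53 + "authentication required" when olcRequires: authc
# blocks an unauthenticated operation, and 48 when it refuses the anonymous bind itself.

# classify_anon_probe <exit-code> <combined stdout/stderr>
classify_anon_probe() {
  local rc="$1" out="$2"
  case "$rc" in
    0)  # search ran; a returned entry means data is readable without credentials
        if printf '%s\n' "$out" | grep -q '^dn:'; then
          echo ANON_READ_ALLOWED
        else
          echo ANON_BIND_OK_NO_ENTRIES
        fi ;;
    48) echo ANON_BIND_REFUSED ;;          # inappropriateAuthentication
    53) case "$out" in                     # unwillingToPerform
          *"authentication required"*) echo AUTHC_REQUIRED ;;
          *) echo UNWILLING_OTHER ;;
        esac ;;
    *)  echo "UNEXPECTED_RC_$rc" ;;
  esac
}

# probe_anon <ldap-uri> <base-dn>: live check, needs ldapsearch and a reachable server
probe_anon() {
  local out rc=0
  # -x with no -D performs an anonymous simple bind; 1.1 requests no attributes
  out=$(ldapsearch -x -LLL -H "$1" -b "$2" -s base 1.1 2>&1) || rc=$?
  classify_anon_probe "$rc" "$out"
}

# Constructed sample outputs (not captured from a real server)
SAMPLE_OPEN='dn: dc=example,dc=org'
SAMPLE_AUTHC='ldap_search_ext: Server is unwilling to perform (53)
	additional info: authentication required'
SAMPLE_REFUSED='ldap_bind: Inappropriate authentication (48)
	additional info: anonymous bind disallowed'

classify_anon_probe 0  "$SAMPLE_OPEN"      # before the change
classify_anon_probe 53 "$SAMPLE_AUTHC"     # after olcRequires: authc
classify_anon_probe 48 "$SAMPLE_REFUSED"   # server that also rejects the bind
```

`AUTHC_REQUIRED` means the anonymous bind was still accepted and only the operation after it was refused, which is the outcome to expect from `olcRequires: authc` alone.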