
While working on an internal PT for PCI DSS compliance, it was flagged that on the LDAP server (389 Directory Server, FreeIPA) anonymous bind allows listing user accounts.

Many searches lead to setting

nsslapd-allow-anonymous-access: off

OR

nsslapd-allow-anonymous-access: rootdse

But changing this appears to break authentication on the clients that use this LDAP server for authentication: `id` and `getent` no longer return any information.

How should we secure the LDAP server while making sure that the central authentication continues to work properly?

MPN
  • Have you considered configuring the clients to use authentication? – Jenny D Mar 04 '19 at 19:33
  • I had been searching for a way to configure it, but the `authconfig-tui` does not provide any such option. Any pointer will help. – MPN Mar 05 '19 at 03:10
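A defender-side check for the finding above, next to the two configuration changes the thread discusses (the server-side `nsslapd-allow-anonymous-access` setting and the authenticated client bind the comment suggests), as an added example that is not part of the question or of FreeIPA. The URI, base DN and bind DN are assumptions; the sssd.conf options are the standard ones of SSSD's ldap provider.

```shell
#!/bin/sh
# Added example, not from the question. All three names below are assumptions.
LDAP_URI="${LDAP_URI:-ldap://ipa.example.test}"
BASE_DN="${BASE_DN:-dc=example,dc=test}"
BIND_DN="${BIND_DN:-uid=sssd-ro,cn=sysaccounts,cn=etc,dc=example,dc=test}"

# Count entries in LDIF read from stdin (ldapsearch -LLL output): each entry
# starts with a "dn:" line, so this is the number of accounts exposed.
anon_user_count() {
    grep -c '^dn:' || true
}

# Unauthenticated search (-x, no -D): a result above 0 is exactly what the
# PCI scan flagged. Re-run after hardening; it should drop to 0.
check_anon_enum() {
    ldapsearch -x -LLL -H "$LDAP_URI" -b "$BASE_DN" \
        '(objectClass=posixAccount)' uid | anon_user_count
}

# Server side: keep the root DSE anonymously readable (clients query it for
# supported mechanisms) but require a bind for everything else.
hardening_ldif() {
    cat <<'EOF'
dn: cn=config
changetype: modify
replace: nsslapd-allow-anonymous-access
nsslapd-allow-anonymous-access: rootdse
EOF
}

# Apply the change as Directory Manager (prompts for the password).
apply_hardening() {
    hardening_ldif | ldapmodify -H "$LDAP_URI" -D 'cn=Directory Manager' -W
}

# Client side: id/getent broke because SSSD's ldap provider was searching
# anonymously. Give it a read-only bind identity and it keeps working.
sssd_client_fragment() {
    cat <<EOF
[domain/default]
id_provider = ldap
ldap_uri = $LDAP_URI
ldap_search_base = $BASE_DN
ldap_default_bind_dn = $BIND_DN
ldap_default_authtok_type = password
ldap_default_authtok = REPLACE_WITH_BIND_PASSWORD
EOF
}
```

Run `check_anon_enum` before and after `apply_hardening`; the sssd.conf fragment (with a real bind password, and the file kept mode 0600) goes on each client that currently relies on an anonymous search.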

0 Answers