robinsonbpc
asked on
Setup ACL for LDAP Null Base on Windows 2000
I ran ISS on one of my servers and got the following:
LDAP NullBase: LDAP null base returns information
If LDAP allows NULL base in an LDAP search, a user can submit a search that returns information on namingContexts and supported controls. An attacker could use this information to access directory listings and plan further attacks.
Remedy: Set up an access list control to prevent users from dumping the base of the tree or issuing a request without knowing the base object.
My question is where and how do I do this and will it adversely affect my clients (they are 98 & 2000).
Thanks.
Please also see my question regarding inverse queries on 2k dns.
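One way to confirm the finding and to re-check it after any ACL change, as an added example that is not part of the original post: the script parses the LDIF returned by an anonymous base-scope search with an empty base DN (for instance the output of OpenLDAP's `ldapsearch -x -H ldap://SERVER -b "" -s base`, where `SERVER` is a placeholder) and reports the two attributes the scanner names. The function names and the sample response are assumptions constructed for illustration.

```python
import base64

# Attributes the scanner finding names as disclosed by a null-base search.
WATCHED = ("namingcontexts", "supportedcontrol")

def parse_ldif_entry(text):
    """Parse one LDIF entry into {lowercased attribute: [values]}."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]            # folded line: continues the previous one
        elif raw and not raw.startswith("#"):
            lines.append(raw)               # skip blank lines and comments
    entry = {}
    for line in lines:
        attr, sep, value = line.partition(":")
        if not sep:
            continue
        if value.startswith(":"):           # "attr:: <base64>" form
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        else:
            value = value.strip()
        entry.setdefault(attr.lower(), []).append(value)
    return entry

def null_base_exposure(ldif_text):
    """Return only the watched attributes that the null-base search disclosed."""
    entry = parse_ldif_entry(ldif_text)
    return {a: entry[a] for a in WATCHED if a in entry}

# Constructed sample response (not captured from a real server).
_B64 = base64.b64encode(b"CN=Schema,CN=Configuration,DC=example,DC=com").decode()
SAMPLE = (
    "# extended LDIF\n"
    "dn:\n"
    "namingContexts: DC=example,DC=com\n"
    "namingContexts: CN=Configuration,DC=exa\n"
    " mple,DC=com\n"
    "namingContexts:: " + _B64 + "\n"
    "supportedControl: 1.2.840.113556.1.4.319\n"
    "supportedLDAPVersion: 3\n"
)

if __name__ == "__main__":
    for attr, values in null_base_exposure(SAMPLE).items():
        for v in values:
            print(f"disclosed {attr}: {v}")
```

An empty result from `null_base_exposure` means the anonymous query no longer returns either attribute.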