Solved

AD LDAP Configuration - security settings

Posted on 2003-11-21
2
688 Views
Last Modified: 2012-05-04
Please, advice how to deal with the LDAP config.

We installed Test AD server to make internet access authorization through LDAP, it's now in the 'local' zone. DNS isn't installed there.

Now LDAP works, but:

1. Server accepts anonymous LDAP queries or queries with any Username if password is blank.
2. Server refuses to accept queries with any username/ passwords, correct or incorrect, if passwrord isn't blank.
3. Server doesn't accept SSL calls to port 636.

We need just opposite reaction to 1, 2, 3.

I understand that I missed a screen at installation and it should be something primitive, but where to look at?

Thanks,
Mike
0
Comment
Question by:MLSmnv
2 Comments
 
LVL 1

Accepted Solution

by:
MLSmnv earned 0 total points
ID: 9838358
OK, Looks like the site isn't so popular as it used to be. Well, if anybody else would need it:

The main trick was in the username syntax. We experimented with test AD which didn't have a standard Internet name, so to get it accepted we needed to use
      username="eweb\atest"
                or
               username="atest@eweb.local".

Our first breakthrough after the week of experiments was the

username="CN=<AD FULL NAME>,CN=Users,DC=eweb,DC=local"

This is fun, why this damn piece of explanation wasn't published yet:

<CFLDAP
    SERVER="199.128.236.10"
      ACTION="Query"
      START="CN=Users,DC=eweb,DC=local"
      scope="subtree"
      NAME="results"
      ATTRIBUTES="cn,dc,name,dn"
      username="eweb\atest2"
      password=""
      secure="CFSSL_BASIC"
      port="636"
      >


If you deal with LDAP, remember that the blank password makes you "anonymous", whatever you use for the username.

In accordance with the LDAP v3 RFC 2251, an LDAP bind in which a username is provided but a password is not [ie. blank] is treated as an anonymous bind. This means that a bind is granted to users providing a username but no password.


Mike
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Have you ever set up your wireless router at home or in the office to find that you little pop-up bubble in the bottom right-hand corner of Windows read "IP Conflict - One of more computers on the network have been assigned the following IP address"…
I'm a big fan of Windows' offline folder caching and have used it on my laptops for over a decade.  One thing I don't like about it, however, is how difficult Microsoft has made it for the cache to be moved out of the Windows folder.  Here's how to …
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…

680 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question