directory-users mailing list archives

From Eugene Prokopiev <...@itx.ru>
Subject Re: How to disable anonymous access for embedded ApacheDS
Date Fri, 23 Nov 2012 05:06:23 GMT
2012/11/22 Pierre-Arnaud Marcelot <pa@marcelot.net>

>
> It should be complicated to disable anonymous access on 2.0.
>

Is it possible to restrict anonymous read access only to the userPassword field
and write access for anybody except the admin account?

How can I implement with ApacheDS something like:

access to attrs=userPassword
    by self write
    by anonymous auth
    by * none

access to *
    by * read

in OpenLDAP?

--
Regards,
Eugene Prokopiev


>
> Regards,
> Pierre-Arnaud
>
>
> On 22 nov. 2012, at 14:09, Eugene Prokopiev <enp@itx.ru> wrote:
>
> > Hi,
> >
> > Is it possible to disable anonymous access for embedded ApacheDS? I tried
> > to do this:
> >
> > public class Application {
> >    public static void main(String[] args) throws Exception {
> >        DirectoryService directory = new DefaultDirectoryService();
> >        directory.startup();
> >        LdapServer ldap = new LdapServer();
> >        ldap.setDirectoryService(directory);
> >        ldap.setAllowAnonymousAccess(false);
> >        ldap.setTransports(new TcpTransport(10389));
> >        ldap.start();
> >    }
> > }
> >
> > But the result was:
> >
> > $ ldapsearch -h localhost -p 10389 -x -b "ou=system"
> > # extended LDIF
> > #
> > # LDAPv3
> > # base <ou=system> with scope subtree
> > # filter: (objectclass=*)
> > # requesting: ALL
> > #
> >
> > # system
> > dn: ou=system
> > objectClass: organizationalUnit
> > objectClass: extensibleObject
> > objectClass: top
> > ou: system
> >
> > ...
> >
> > I used version 1.5.5, because 2.0 is not released now and 1.5.7 requires
> > more verbose code. Is it possible to disable anonymous access with 1.5.7 or
> > 2.0?
> >
> > --
> > Regards,
> > Eugene Prokopiev
>
>


-- 
Best regards,
Eugene Prokopiev
