Return-Path: X-Original-To: apmail-directory-users-archive@www.apache.org Delivered-To: apmail-directory-users-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 88A46EAEE for ; Sat, 2 Feb 2013 05:03:34 +0000 (UTC) Received: (qmail 48607 invoked by uid 500); 2 Feb 2013 05:03:34 -0000 Delivered-To: apmail-directory-users-archive@directory.apache.org Received: (qmail 48341 invoked by uid 500); 2 Feb 2013 05:03:33 -0000 Mailing-List: contact users-help@directory.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: users@directory.apache.org Delivered-To: mailing list users@directory.apache.org Received: (qmail 48308 invoked by uid 99); 2 Feb 2013 05:03:32 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 02 Feb 2013 05:03:32 +0000 X-ASF-Spam-Status: No, hits=1.5 required=5.0 tests=HTML_MESSAGE,RCVD_IN_DNSWL_LOW,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of ayyagarikiran@gmail.com designates 209.85.210.176 as permitted sender) Received: from [209.85.210.176] (HELO mail-ia0-f176.google.com) (209.85.210.176) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 02 Feb 2013 05:03:28 +0000 Received: by mail-ia0-f176.google.com with SMTP id i18so6237131iac.21 for ; Fri, 01 Feb 2013 21:03:07 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:x-received:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:content-type; bh=oXR65iPWDsI8u+Lpp7FzKw9UDHm0Mdjgpfu9p9n6kzE=; b=grrS1EplSsqWY7Sy+eaepb77/+fU3dfcLCEyk/HuZ9r8RbluFq9qqIo3aRoO23MAcm B06QBkAv9dMt64wQmh5x6rBUw/DU4V06dHWfr0gfMfZE3N5UgTRpPxYCqlU43UC/1z/C xMTBv7ZpTZ/kNAJXlyQZUyXYGXq+QZlV/eBxTnVcj+j1OhWfPNnXc58gMVYse717NIyN +wUlmGftO/+zeRvEw9sVTT606G89+hDNg00XGTnSHi7c3PwsUQT2gMzxAs4dPP5Niwfb A4aKgjF6nihOdZtchHry+x47xbk8DXf06tvVuXSqwCaf8wpfGzbayKZ5sSFx0IhLIT6k 3A/w== MIME-Version: 1.0 X-Received: by 10.50.5.239 with SMTP id v15mr702927igv.41.1359781387802; Fri, 01 Feb 2013 21:03:07 -0800 (PST) Sender: ayyagarikiran@gmail.com Received: by 10.231.72.67 with HTTP; Fri, 1 Feb 2013 21:03:07 -0800 (PST) In-Reply-To: References: Date: Sat, 2 Feb 2013 10:33:07 +0530 X-Google-Sender-Auth: LGnm9y8di1BplyKAc-SBtQdNkvk Message-ID: Subject: Re: Is there a way to disable anonymous access to rootDSE From: Kiran Ayyagari To: users@directory.apache.org Content-Type: multipart/alternative; boundary=e89a8f502cd69796c104d4b6c64b X-Virus-Checked: Checked by ClamAV on apache.org --e89a8f502cd69796c104d4b6c64b Content-Type: text/plain; charset=ISO-8859-1 no, this is not currently possible On Sat, Feb 2, 2013 at 3:22 AM, Hammond, Steven wrote: > We need to satisfy a requirement that takes issue with being able to see > who the vendor of the directory server is without authenticating first. I > think it will be a problem since authenticating uses SASL and rootDSE shows > the SASLmechanisms allowed, but maybe someone knows a way. > Requirement is related to this page. > http://www.stigviewer.com/check/V-14797 > Thank you. > -- Kiran Ayyagari http://keydap.com --e89a8f502cd69796c104d4b6c64b--