Disable anonymous LDAP bind to Active Directory


Dejan Gambin

Hello,

I am trying to disable anonymous LDAP bind to AD but have had no success.
There are three things I have noticed:

1. If I try to bind as an existing user, then the password must match
even if it is blank

2. If I try to bind as a non-existing user with a non-blank password, it
fails

3. If I try to bind as a non-existing user with a blank password, it passes
and I do not want that.

How can I disable this?

By the way, I am using the ldap_bind PHP function to do the binding...

Thanks in advance

Dejan Gambin
 
Are you perhaps hitting the rootDSE? This information is supposed to be
public and available to anyone.
 
Simon Geary said:
Are you perhaps hitting the rootDSE? This information is supposed to be
public and available to anyone.

Well, if I understand right, rootDSE is retrieved from LDAP server by
doing a base-level search with a null basedn. I am using
"DC=mycompany, DC=local" basedn when searching with ldap_search
function, but first I connect using ldap_connect to my server on port
389 and then ldap_bind with username/password. So I really don't know
if I am hitting the rootDSE or not??

Regards, Dejan
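
An application-side guard for the third case in the opening post, added here as an example and not part of the original thread: the blank-password check runs before anything reaches ldap_bind. The function names, the sample account and the stub directory (constructed to mimic the three behaviours the poster observed) are assumptions.

```php
<?php
// Added example. Names below are hypothetical; the stub directory is
// constructed to mimic the three behaviours listed in the opening post.

// Gate in front of the bind: a simple bind that carries an empty password
// is not a password check at all (RFC 4513 calls it an unauthenticated
// bind), so it is rejected before it can reach the server.
function authenticate(callable $bind, string $user, string $password): bool
{
    if (trim($user) === '' || $password === '') {
        return false;
    }
    return $bind($user, $password) === true;
}

// Production binder: wraps the real ldap_connect()/ldap_bind() calls.
// Defined for completeness, not called in this offline demo.
function ldap_binder(string $uri): callable
{
    return function (string $dn, string $password) use ($uri): bool {
        $conn = ldap_connect($uri);
        if ($conn === false) {
            return false;
        }
        ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
        $ok = @ldap_bind($conn, $dn, $password);
        ldap_unbind($conn);
        return $ok;
    };
}

// Constructed stand-in for the server behaviour described in the thread.
function stub_directory(array $users): callable
{
    return function (string $dn, string $password) use ($users): bool {
        if (array_key_exists($dn, $users)) {
            return hash_equals($users[$dn], $password);   // case 1
        }
        return $password === '';                          // cases 2 and 3
    };
}

$bind = stub_directory(['alice@mycompany.local' => 'S3cret!']); // constructed
$tries = [['alice@mycompany.local', 'S3cret!'], ['alice@mycompany.local', ''],
          ['nobody@mycompany.local', 'guess'], ['nobody@mycompany.local', '']];
foreach ($tries as [$user, $pass]) {
    printf("%-24s pw=%-9s raw=%-5s guarded=%s\n", $user, var_export($pass, true),
        var_export($bind($user, $pass), true),
        var_export(authenticate($bind, $user, $pass), true));
}
```

Only the last row differs between the two columns: the raw bind succeeds for the unknown user with a blank password, and the guarded call refuses it.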
 