disable NULL BIND on your LDAP server

Doug Fox

I used Nessus to scan a server. It issued a warning saying that "ldap
(389/tcp) - improperly configured LDAP servers will allow any user to
connect to the server and query for information." The solution is to
"disable NULL BIND on your LDAP server."

I googled many times, but the search results only show the
"suggestion/recommendation"; none of them show the steps to disable it.

Could someone please point me to a place where I can obtain the steps?

Thanks,
 

Take a look at:
MS KB Q320528: How to configure Active Directory to allow anonymous queries
http://www.petri.co.il/anonymous_ldap_operations_in_windows_2003_ad.htm
 
You can't disable anonymous/NULL bind. LDAP v3 requires it for the RootDSE.
However, a null bind doesn't necessarily give you access to domain or config
data. In fact, if you are running Windows Server 2003 AD you have to
specifically enable anonymous access on the ACLs to retrieve data.
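To see the distinction the reply above draws, here is an added example (not from the original posts, not Nessus code): a raw LDAPv3 probe built on the RFC 4511 BER framing. It performs the NULL bind (empty DN, empty simple password), reads the RootDSE, which any LDAPv3 server answers anonymously, and then tries a base search of the first namingContext, which a default Windows Server 2003 AD refuses with resultCode 1 (operationsError) until anonymous access is switched on. The host name is an assumption, and the SAMPLE_* messages are constructed so the parser can be exercised offline.

```python
# Added example for this thread, not from the original post or from Nessus:
# a raw LDAPv3 (RFC 4511) probe that reproduces the scanner's "NULL bind" check.
# Host/port below are assumptions; the SAMPLE_* messages are constructed.
import socket

INTEGER, ENUM, OCTETS, BOOL, SEQ, SET = 0x02, 0x0A, 0x04, 0x01, 0x30, 0x31
BIND_REQ, BIND_RESP, SEARCH_REQ, SEARCH_ENTRY, SEARCH_DONE = 0x60, 0x61, 0x63, 0x64, 0x65


def ber_len(n):
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag, payload):
    return bytes([tag]) + ber_len(len(payload)) + payload


def ber_uint(tag, n):
    # non-negative INTEGER/ENUMERATED with the sign bit kept clear
    return tlv(tag, n.to_bytes((n.bit_length() + 8) // 8, "big"))


def ldap_message(msg_id, op):
    return tlv(SEQ, ber_uint(INTEGER, msg_id) + op)


def anonymous_bind(msg_id):
    # BindRequest { version 3, name "", simple [0] "" }: this is the NULL bind
    return ldap_message(msg_id, tlv(BIND_REQ, ber_uint(INTEGER, 3) + tlv(OCTETS, b"") + tlv(0x80, b"")))


def base_search(msg_id, base, attrs):
    # SearchRequest, scope baseObject, present filter (objectClass=*) as [7]
    op = (tlv(OCTETS, base.encode()) + ber_uint(ENUM, 0) + ber_uint(ENUM, 0)
          + ber_uint(INTEGER, 0) + ber_uint(INTEGER, 0) + tlv(BOOL, b"\x00")
          + tlv(0x87, b"objectClass")
          + tlv(SEQ, b"".join(tlv(OCTETS, a.encode()) for a in attrs)))
    return ldap_message(msg_id, tlv(SEARCH_REQ, op))


def read_tlv(buf, pos=0):
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:                      # long-form length
        length = int.from_bytes(buf[pos:pos + (first & 0x7F)], "big")
        pos += first & 0x7F
    else:
        length = first
    return tag, buf[pos:pos + length], pos + length


def children(payload):
    out, pos = [], 0
    while pos < len(payload):
        tag, val, pos = read_tlv(payload, pos)
        out.append((tag, val))
    return out


def parse_message(buf):
    """Decode one LDAPMessage into a dict; only the ops the probe needs."""
    _, body, _ = read_tlv(buf)
    (_, mid), (op, payload) = children(body)[:2]
    msg = {"id": int.from_bytes(mid, "big"), "op": op}
    if op in (BIND_RESP, SEARCH_DONE):            # LDAPResult { code, matchedDN, diag }
        (_, code), _, (_, diag) = children(payload)[:3]
        msg["result"], msg["diag"] = int.from_bytes(code, "big"), diag.decode(errors="replace")
    elif op == SEARCH_ENTRY:                       # { objectName, PartialAttributeList }
        (_, dn), (_, attrlist) = children(payload)[:2]
        msg["dn"], msg["attrs"] = dn.decode(), {}
        for _, attr in children(attrlist):
            (_, name), (_, vals) = children(attr)[:2]
            msg["attrs"][name.decode()] = [v.decode(errors="replace") for _, v in children(vals)]
    return msg


def recv_message(sock):
    def exact(n):
        data = b""
        while len(data) < n:
            chunk = sock.recv(n - len(data))
            if not chunk:
                raise ConnectionError("server closed the LDAP connection")
            data += chunk
        return data
    head = exact(2)
    if head[1] & 0x80:
        head += exact(head[1] & 0x7F)
        length = int.from_bytes(head[2:], "big")
    else:
        length = head[1]
    return head + exact(length)


def collect_search(sock):
    # read SearchResultEntry messages until SearchResultDone
    entries = []
    while True:
        m = parse_message(recv_message(sock))
        if m["op"] == SEARCH_DONE:
            return m, entries
        if m["op"] == SEARCH_ENTRY:
            entries.append(m)


def anonymous_probe(host, port=389):
    with socket.create_connection((host, port), timeout=10) as s:
        s.sendall(anonymous_bind(1))
        bind = parse_message(recv_message(s))
        s.sendall(base_search(2, "", ["namingContexts"]))        # RootDSE: allowed by LDAPv3
        root, entries = collect_search(s)
        contexts = entries[0]["attrs"].get("namingContexts", []) if entries else []
        domain = None
        if contexts:
            s.sendall(base_search(3, contexts[0], ["objectClass"]))  # domain NC: AD denies by default
            domain, _ = collect_search(s)
    return {"bind": bind["result"], "rootdse": root["result"], "naming_contexts": contexts,
            "domain_nc": None if domain is None else domain["result"],
            "domain_diag": "" if domain is None else domain["diag"]}


# Constructed sample replies (not captured from a real server) so the parser runs offline.
SAMPLE_ROOTDSE = ldap_message(2, tlv(SEARCH_ENTRY, tlv(OCTETS, b"") + tlv(SEQ, tlv(SEQ,
    tlv(OCTETS, b"namingContexts") + tlv(SET, tlv(OCTETS, b"DC=example,DC=com")
    + tlv(OCTETS, b"CN=Configuration,DC=example,DC=com"))))))
SAMPLE_DENIED = ldap_message(3, tlv(SEARCH_DONE, ber_uint(ENUM, 1) + tlv(OCTETS, b"")
    + tlv(OCTETS, b"In order to perform this operation a successful bind must be completed on the connection.")))

if __name__ == "__main__":
    import sys
    print(anonymous_probe(sys.argv[1] if len(sys.argv) > 1 else "dc1.example.com"))  # host is an assumption
```

Run it against a DC and read the dict: bind 0 and rootdse 0 with a populated naming_contexts list is the normal LDAPv3 behaviour the scanner flags, and is not by itself a finding; domain_nc 1 with a "successful bind must be completed" diagnostic means the default AD restriction is in place, while domain_nc 0 means anonymous reads of domain data have been enabled and the KB article above is the place to review that setting.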
 