LDAP questions

  • From: "A. Michael Salim" <msalim@xxxxxxxxxxxx>
  • To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
  • Date: Wed, 4 Feb 2004 09:47:39 -0500 (EST)


In running a routine security scan analysis of one of our exchange servers
I got these warnings (see end of email).  How do I disable "NULL BASE
queries" and "NULL BIND" on the "LDAP Server" ?  Usual searches did not
turn up anything for me hence my post to this list.

TIA and best regards

Improperly configured LDAP servers will allow the directory BASE to be set
to NULL.  This allows information to be culled without any prior knowledge
of the directory structure.  Coupled with a NULL BIND, an anonymous user
can query your LDAP server using a tool such as 'LdapMiner'
Solution: Disable NULL BASE queries on your LDAP server

Improperly configured LDAP servers will allow any user to connect to the
server and query for information.
Solution: Disable NULL BIND on your LDAP server

Other related posts:

  • » LDAP questions