Commit 3ccd4fe7 authored by Kurt Zeilenga's avatar Kurt Zeilenga
Browse files

Import "disable bind_anon" clarifications from HEAD

parent a7b1d7a6
......@@ -46,6 +46,7 @@ OpenLDAP 2.3.22 Release
Fixed test033-glue-syncrepl overlay detection (ITS#4544)
Documentation
Fixed slapd(8) logging header reference (ITS#4509)
Clarified slapd.conf(5) "disable bind_anon" feature
OpenLDAP 2.3.21 Release
Fixed libldap referral chasing issue (ITS#4448)
......
......@@ -117,15 +117,18 @@ The LDAP "simple" method has three modes of operation:
* unauthenticated, and
* user/password authenticated.
Anonymous access is obtained by providing no name and no password
to the "simple" bind operation. Unauthenticated access is obtained
by providing a name but no password. Authenticated access is obtain
by providing a valid name and password.
Anonymous access is requested by providing no name and no password
to the "simple" bind operation. Unauthenticated access is requested
by providing a name but no password. Authenticated access is
requested by providing a valid name and password.
An anonymous bind results in an {{anonymous}} authorization
association. Anonymous bind mechanism is enabled by default, but
can be disabled by specifying "{{EX:disallow bind_anon}}" in
{{slapd.conf}}(5).
{{slapd.conf}}(5). Note that disabling the anonymous bind mechanism
does not prevent anonymous access to the directory. To require
authentication to access the directory, one should instead
specify "{{EX:require authc}}".
An unauthenticated bind also results in an {{anonymous}} authorization
association. Unauthenticated bind mechanism is disabled by default,
......
......@@ -407,7 +407,8 @@ Base scoped search requests with an empty base DN are not affected.
Specify a set of features (separated by white space) to
disallow (default none).
.B bind_anon
disables acceptance of anonymous bind requests.
disables acceptance of anonymous bind requests. Note that this setting
does not prohibit anonymous directory access (See "require authc").
.B bind_simple
disables simple (bind) authentication.
.B tls_2_anon
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment