Hi,
Using PhpLdapAdmin to Manage the LDAP directory outside of the DSM Gui, I was able to authenticate anonymously.
This is not desirable as anyone could then see users account information (ie. email address, First/Last Name).
Please make this require authentication when the final 3.2 version is released.
Thank You.
LDAP - Anonymous Login = :(
4 posts
• Page 1 of 1
LDAP - Anonymous Login = :(
by 2326766 » Mon Aug 22, 2011 6:11 am
- 2326766
- Sharp
- Posts: 157
- Joined: Wed Apr 30, 2008 2:28 pm
Re: LDAP - Anonymous Login = :(
by Frankh » Thu Sep 01, 2011 10:24 am
Did you also fill in the DSM 3.2 beta Feedback form on the Synology website? That's the best / fastest way to report bugs.
DS107 DSM 3.1-1636; 1x WD10EADS GP; IP-cameras Panasonic BL-C1 and BL-C101; APC Back-UPS ES 700; USB disk for data backup;
DS209 DSM 3.1-1594; 2x WD15EADS GP 1500.299.234.816 bytes SATA II 32 MB cache in RAID 1; American Power Conversion RS 800; two USB disks for data backup; Synology Remote and Creative SB Connect; Netgear GS105 Gigabit Ethernet Switch; aLaptop, iMac, uPC; a common modem/router/firewall; a dose of common sense ;)
DS209 DSM 3.1-1594; 2x WD15EADS GP 1500.299.234.816 bytes SATA II 32 MB cache in RAID 1; American Power Conversion RS 800; two USB disks for data backup; Synology Remote and Creative SB Connect; Netgear GS105 Gigabit Ethernet Switch; aLaptop, iMac, uPC; a common modem/router/firewall; a dose of common sense ;)
-
Frankh - Enlightened
- Posts: 417
- Joined: Sun Aug 31, 2008 8:59 am
- Location: Netherlands
Re: LDAP - Anonymous Login = :(
by 2326766 » Thu Sep 01, 2011 12:53 pm
Yes. I figured both, the feedback and forums will give it attention.
- 2326766
- Sharp
- Posts: 157
- Joined: Wed Apr 30, 2008 2:28 pm
Re: LDAP - Anonymous Login = :(
by 2326766 » Sat Sep 24, 2011 2:47 am
Add the following code to the slapd.conf file in /usr/syno/etc/openldap
[code]
# Disallow anonymous access (binds).
# With this policy in effect, unauthenticated users receive a response
# of Error 48: Inappropriate authentication
# and otherwise can't see anything in or about your address books.
disallow bind_anon
[/code]
[code]
# Disallow anonymous access (binds).
# With this policy in effect, unauthenticated users receive a response
# of Error 48: Inappropriate authentication
# and otherwise can't see anything in or about your address books.
disallow bind_anon
[/code]
- 2326766
- Sharp
- Posts: 157
- Joined: Wed Apr 30, 2008 2:28 pm
4 posts
• Page 1 of 1
Return to DiskStation Manager 3.2 BETA - 1869
Who is online
Users browsing this forum: pure_energy1 and 1 guest