LDAP - Anonymous Login = :(

A DSM update includes Directory Server, LDAP Client, Remote Folder, Virtual Drive, Syslog Server, Mac OS X Lion Support, Photo Station 5, Google Cloud Print, UPnP Router Support, DSM mobile, CalDAV server, and along with other software enhancements.
Forum rules
Synology Community is the new platform for the enthusiasts' interaction, and it will soon be available to replace the Forum.
2326766
Sharp
Sharp
Posts: 165
Joined: Wed Apr 30, 2008 2:28 pm

LDAP - Anonymous Login = :(

Unread post by 2326766 » Mon Aug 22, 2011 6:11 am

Hi,

Using PhpLdapAdmin to Manage the LDAP directory outside of the DSM Gui, I was able to authenticate anonymously.

This is not desirable as anyone could then see users account information (ie. email address, First/Last Name).

Please make this require authentication when the final 3.2 version is released.

Thank You.

User avatar
Frankh
Enlightened
Enlightened
Posts: 422
Joined: Sun Aug 31, 2008 8:59 am
Location: Netherlands

Re: LDAP - Anonymous Login = :(

Unread post by Frankh » Thu Sep 01, 2011 10:24 am

Did you also fill in the DSM 3.2 beta Feedback form on the Synology website? That's the best / fastest way to report bugs.
DS107 DSM 3.1-1639; DS716+II DSM 6.1.3-15152 Update 1;

2326766
Sharp
Sharp
Posts: 165
Joined: Wed Apr 30, 2008 2:28 pm

Re: LDAP - Anonymous Login = :(

Unread post by 2326766 » Thu Sep 01, 2011 12:53 pm

Yes. I figured both, the feedback and forums will give it attention.

2326766
Sharp
Sharp
Posts: 165
Joined: Wed Apr 30, 2008 2:28 pm

Re: LDAP - Anonymous Login = :(

Unread post by 2326766 » Sat Sep 24, 2011 2:47 am

Add the following code to the slapd.conf file in /usr/syno/etc/openldap

[code]
# Disallow anonymous access (binds).
# With this policy in effect, unauthenticated users receive a response
# of Error 48: Inappropriate authentication
# and otherwise can't see anything in or about your address books.
disallow bind_anon
[/code]

Locked

Return to “DiskStation Manager 3.2 BETA - 1869”