Windows Active Directory global catalog servers also allow searches with an
empty base string, so I can't imagine how this specific point could be a
security problem.
I'm wondering if the fact that you can search without binding using real
credentials is what they think is a problem?
> From: Allan Marcus <email@hidden>
> Date: Mon, 11 Apr 2005 11:39:20 -0600
> To: "CM List (External)" <email@hidden>
> Subject: OD allows null base query, is this a problem?
>
> My network admins periodically scan out internal network for potential
> security problems. My Panther Server showed up on the scan as allowing
> a null base LDAP search. The advice I was given is taht this may or may
> not be a problem. My questions are:
>
> 1) Is this a potential problem?
> 2) Is there a way to configure OD not to allow a null base search?
> 3) If configured not to allow a null base search, will this cause other
> problems with OD or Panther server?
>
>
> Thanks,
>
> Allan Marcus
> 505-667-9531
>
> _______________________________________________
> Do not post admin requests to the list. They will be ignored.
> Client-management mailing list (email@hidden)
> Help/Unsubscribe/Update your Subscription:
> http://lists.apple.com/mailman/options/client-management/email@hidden
>
> This email sent to email@hidden
>
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Client-management mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/client-management/email@hidden
This email sent to email@hidden
