Due to our network security policies I need to disable anonymous browsing
of the directory services ldap. I set up a Tiger server way back when but
I am having much difficulty doing the same in Leopard. I've used the
following as references:
As well as the Leopard Admin guide but I am not having any luck.
This is 10.5.1 being set up as a OD master for 4 other machines.
Modifying the slapd.conf and friends and adding bind_anon as per the
318/computerworld articles have no affect (the apple docs mention the
change in format) so I added olcDisallows: bind_anon to slapd.d and
restarting but I am still able to browse the directory. The man page for
slapd.conf states:
olcDisallows: <features>
Specify a set of features to disallow (default none). bind_anon disables
acceptance of anonymous bind requests. Note that this setting does not
prohibit anonymous directory access (See "require authc"). ...
So I added olcRequires: authc which works but promptly bricks the
directory services. Googling around, it sounded like I needed to reconnect
to the local directory server (with authentication this time) but when I
attempted to do so, I seemed to permanently hose the directory server (I
could not back out of the change even after restoring a backup of slapd.d)
requiring me to do a fresh install.
At this point I am out of ideas. We are going to have 90TB of paperweights
if I can't get this straightened out. Can anyone give me ideas on how to
turn of anonymous browsing of the open directory LDAP server? There is no
other special ACL circumstances or needs, just an out of the box Leopard
OD master machine.
