Simple but very helpful article.
1) I always like to do it from the command line, as below:
ldapbind -h leonciohost -p 3060 -D cn=orcladmin
Result: bind successful
The above means the bind feature is enabled.
You can confirm this by looking at the parameter below:
ldapsearch -p 3060 -b "cn=oid1,cn=osdldapd,cn=subconfigsubentry" -s base "objectclass=*" orclanonymousbindsflag -D cn=orcladmin -q
orclanonymousbindsflag=1
0 is disallowed
1 is enabled
2 is disallowed except for read access on the root DSE
So you have to change this parameter through ldapmodify, as below:
...
orclanonymousbindsflag
...
command:
ldapmodify -p 3060 -D cn=orcladmin -w leonciopwd << EOF
dn: cn=oid1,cn=osdldapd,cn=subconfigsubentry
changetype: modify
replace: orclanonymousbindsflag
orclanonymousbindsflag: 0
EOF
ldapsearch -p 3060 -b "cn=oid1,cn=osdldapd,cn=subconfigsubentry" -s base "objectclass=*" orclanonymousbindsflag -D cn=orcladmin -q
orclanonymousbindsflag=0
This means anonymous bind is now disallowed.
2) But you can also do it through EM, as below:
a. Navigate to 'Identity and Access' -> oid1
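An added example (not part of the original post): a small shell function that reads the ldapsearch output shown above and reports the anonymous-bind policy, so the check can be scripted after the change. The function name, the exit codes and the sample output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (hypothetical helper, not an Oracle tool): classify the
# orclanonymousbindsflag value found in ldapsearch output read from stdin.
# Exit status: 0 = anonymous bind restricted (value 0 or 2)
#              1 = anonymous bind enabled (value 1)
#              2 = attribute missing or value not one of 0/1/2
anon_bind_state() {
    # Accept "attr=value" (format shown on this page) and LDIF "attr: value",
    # ignore attribute-name case, CRLF line endings and surrounding spaces.
    value=$(awk '
        { line = $0; sub(/\r$/, "", line) }
        tolower(line) ~ /^[ \t]*orclanonymousbindsflag[ \t]*[:=]/ {
            sub(/^[^:=]*[:=][ \t]*/, "", line)
            sub(/[ \t]+$/, "", line)
            print line
            exit
        }')
    case "$value" in
        0)  echo "disallow"; return 0 ;;
        2)  echo "disallow-except-rootdse-read"; return 0 ;;
        1)  echo "enabled"; return 1 ;;
        "") echo "attribute-not-found"; return 2 ;;
        *)  echo "unknown:$value"; return 2 ;;
    esac
}

# Constructed sample outputs in the format shown on this page.
SAMPLE_BEFORE='cn=oid1,cn=osdldapd,cn=subconfigsubentry
orclanonymousbindsflag=1'
SAMPLE_AFTER='cn=oid1,cn=osdldapd,cn=subconfigsubentry
orclanonymousbindsflag=0'

printf '%s\n' "$SAMPLE_BEFORE" | anon_bind_state \
    || echo "finding: anonymous bind is not restricted (rc=$?)"
printf '%s\n' "$SAMPLE_AFTER" | anon_bind_state \
    && echo "ok: anonymous bind is restricted"

# Against a live server, pipe the ldapsearch command from this page into it:
#   ldapsearch -p 3060 -b "cn=oid1,cn=osdldapd,cn=subconfigsubentry" \
#     -s base "objectclass=*" orclanonymousbindsflag -D cn=orcladmin -q \
#     | anon_bind_state
```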
b. Click on 'Oracle Internet Directory' and select 'Administration' -> 'Server Properties'
c. Switch 'Anonymous Bind' from 'Allows' to 'Disallow except for Read Access on the root DSE' or 'Disallow'
d. Click 'Apply'
I hope this helps you,
Thiago Leoncio.