FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora Directory

 
 
LinkBack Thread Tools
 
Old 03-06-2012, 05:24 PM
Karoly Czovek
 
Default DS ACLs - still

Hi there,
i faced into the following problem:
installed one instance of 389ds to our DR site.Imported the databasesSet up SSL*Removed the anonymous read ACLsRestarted the dirsrv
Replication is not set up.
and I stil can pull the whole db, with a simple
ldapsearch -x -LLL -h ds-drb -b "dc=foo,dc=bar"
389-ds-base-libs-1.2.9.14-1.el6_2.2.x86_64389-admin-1.1.25-1.el6.x86_64389-admin-console-doc-1.1.8-1.el6.noarch389-console-1.1.7-1.el6.noarch389-ds-base-1.2.9.14-1.el6_2.2.x86_64389-admin-console-1.1.8-1.el6.noarch389-ds-console-doc-1.2.6-1.el6.noarch389-dsgw-1.1.7-2.el6.x86_64389-adminutil-1.1.14-2.el6.x86_64389-ds-console-1.2.6-1.el6.noarch389-ds-1.2.2-1.el6.noarch
Any idea?

--
Karoly CZOVEK
Senior Systems Administrator
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
 
Old 03-06-2012, 05:31 PM
Jim Finn
 
Default DS ACLs - still

Have you set the following?
dn: cn=config
nsslapd-allow-anonymous-access: off

http://directory.fedoraproject.org/wiki/Anonymous_Access_Switch


Jim Finn

On Tue, Mar 6, 2012 at 12:24 PM, Karoly Czovek <karoly.czovek@moveoneinc.com> wrote:

Hi there,
i faced into the following problem:
installed one instance of 389ds to our DR site.Imported the databasesSet up SSL*
Removed the anonymous read ACLsRestarted the dirsrv
Replication is not set up.
and I stil can pull the whole db, with a simple
ldapsearch -x -LLL -h ds-drb -b "dc=foo,dc=bar"

389-ds-base-libs-1.2.9.14-1.el6_2.2.x86_64389-admin-1.1.25-1.el6.x86_64389-admin-console-doc-1.1.8-1.el6.noarch389-console-1.1.7-1.el6.noarch389-ds-base-1.2.9.14-1.el6_2.2.x86_64
389-admin-console-1.1.8-1.el6.noarch389-ds-console-doc-1.2.6-1.el6.noarch389-dsgw-1.1.7-2.el6.x86_64389-adminutil-1.1.14-2.el6.x86_64389-ds-console-1.2.6-1.el6.noarch
389-ds-1.2.2-1.el6.noarch
Any idea?


--
Karoly CZOVEK
Senior Systems Administrator

--

389 users mailing list

389-users@lists.fedoraproject.org

https://admin.fedoraproject.org/mailman/listinfo/389-users


--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
 

Thread Tools




All times are GMT. The time now is 08:03 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org