On 6/4/05, Dave Coyle [contractor] <dave.coyle(a)nrl.navy.mil> wrote:
The Wishlist page [
http://directory.fedora.redhat.com/wiki/Wishlist
] lists
'option to disable anonymous binds' as a desired feature, but one can
already do this via ACIs, e.g.:
aci: (targetattr="*")(version 3.0; acl "deny anonymous access by
default";
deny (all) userdn="ldap:///anyone";)
Would this provide what was desired, or is there more to the feature
request?
This should also work. However, you should be careful where you apply
this ACI: for example, applying it at the top of the DIT won't allow
you to allow anonymous access to some other parts of the tree (since
the ACI is an explicit deny).