On 12 Jul 2019, at 20:15, Andry Michaelidou
<andry.michaelidou(a)gmail.com> wrote:
Hello all,
We are trying to disable anonymous binds to our 389-DS ldap servers, but it seems like my
automount settings are not working.
Is it possible to have automount working with anonymous bind not enabled?
Yes it is possible - you'll need a service account per-host or "shared"
between the machines that allows them to read.
This document has more
https://docs.oracle.com/cd/E52668_01/E54669/html/ol7-cliautofs-ldap.html
See the section on autofs_ldap_auth.conf.
Saying this, I think that if you have a "shared" account between the machines
enabling autofs to work, that's basically the same as anonymous because you have a
massively shared account with no privileges. IMO disabling anonymous is not an improvement
in security, because you end up with a much more complex system to administer.
Hope that helps,
Thank you in advance,
Andry Michaelidou
University of Cyprus
--
Sincerely,
William Brown
Senior Software Engineer, 389 Directory Server
SUSE Labs
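
The service-account approach described in the reply above, shown as an added example (it is not part of the original thread or of the linked Oracle document): a minimal `/etc/autofs_ldap_auth.conf` that makes automount perform an authenticated simple bind over TLS. The bind DN and the secret are constructed placeholders.

```xml
<?xml version="1.0" ?>
<!--
  /etc/autofs_ldap_auth.conf (added example)
  automount only uses this file when it is owned by root with mode 0600,
  because it holds the bind credential in clear text:
      chown root:root /etc/autofs_ldap_auth.conf
      chmod 0600 /etc/autofs_ldap_auth.conf

  usetls / tlsrequired : start TLS and refuse to continue without it, so the
                         simple-bind password never crosses the wire in clear.
  authrequired="simple": do an LDAP simple bind with user/secret below
                         instead of binding anonymously.
  user                 : DN of the read-only service account (placeholder DN,
                         use one account per host or one shared account).
  secret               : that account's password (placeholder value).
-->
<autofs_ldap_sasl_conf
    usetls="yes"
    tlsrequired="yes"
    authrequired="simple"
    user="uid=autofs-reader,ou=services,dc=example,dc=com"
    secret="REPLACE_WITH_SERVICE_ACCOUNT_PASSWORD"
/>
```

The account named in `user` needs read access only to the automount map entries on the directory server; restart the autofs service after changing the file.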