Environment
Novell eDirectory 8.8 for All Platforms
Novell eDirectory 8.7.3 for All Platforms
Situation
Nessus Scan Results
The following vulnerabilities were reported by a Nessus port scan:
LDAP servers that are not properly configured allow users to connect to the server and query for information
Explanation: Null Bind is enabled on the eDirectory LDAP server by default, but it can be disabled on the server.
LDAP servers that are not properly configured set the directory base as null
Explanation: Information can be retrieved even without prior knowledge of the directory structure. With the help of Null Bind, an anonymous user can query the LDAP server using tools like 'LdapMiner'.
Resolution
Solution: Disable Null Bind on the server. To do so:
- Open the properties of the LDAP Server object either in iManager
- Choose the Connections tab
- Under the Restrictions section, set Bind Restrictions to Disallow Anonymous Simple Bind