How to Disable Null Bind and Null Base in OID

(Doc ID 316143.1)

Last updated on JUNE 15, 2017

Applies to:

Oracle Internet Directory - Version 10.1.2 to 10.1.4 [Release 10gR2 to 10gR3]
Information in this document applies to any platform.
***Checked for relevance on 17-Jul-2013***

Goal

Two potential issues have been identified with respect to LDAP servers. This document discusses how, and whether, to correct them in OID.

1. "LDAP allows null bases"

Description:

Improperly configured LDAP servers will allow the directory BASE to be set to NULL. This allows information to be culled without any prior knowledge of the directory structure. Coupled with a NULL BIND, an anonymous user can query your LDAP server using a tool such as 'LdapMiner'.

Solution: Disable NULL BASE queries on your LDAP server.

Reference: the Internet Security Systems article "LDAP null base returns information".

2. "LDAP allows anonymous binds"

Description:

Improperly configured LDAP servers will allow any user to connect to the server and query for information.

Solution: Disable the NULL bind entry or control the entry with Access Control Lists (ACLs).

Reference: the Internet Security Systems article "LDAP anonymous access to directory".
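
To confirm whether a directory server you administer shows either finding, before and after any change, the following added example (not part of the Oracle note) performs a NULL bind with a NULL base and reports what an anonymous client receives. It assumes the OpenLDAP ldapsearch client is installed; the host in the usage comment is a placeholder.

```shell
#!/bin/sh
# Added example (not from the Oracle note): check a directory server you
# administer for the two findings above. Assumes OpenLDAP's ldapsearch client.

# check_null_base URI
# Prints one verdict line and always returns 0, so it is safe under `set -e`.
#   OPEN     null bind accepted and the null base returned the root DSE
#   PARTIAL  null bind accepted, but the null base returned no entry
#   REFUSED  bind or search rejected, or the server was unreachable (rc = exit code)
check_null_base() {
    uri=$1
    rc=0
    # -x       simple bind; with no -D/-w the bind DN and password are empty (null bind)
    # -b ""    empty search base (null base)
    # -s base  read only the entry at that base, which is the root DSE
    # -LLL     plain LDIF without comments or version line
    out=$(ldapsearch -x -LLL -H "$uri" -b "" -s base \
            '(objectClass=*)' namingContexts 2>/dev/null) || rc=$?

    if [ "$rc" -ne 0 ]; then
        echo "REFUSED $uri rc=$rc"
    elif printf '%s\n' "$out" | grep -q '^dn:'; then
        # namingContexts lists the directory suffixes: the structure an
        # anonymous client learns without knowing any base DN in advance.
        ctx=$(printf '%s\n' "$out" | sed -n 's/^namingContexts: //p' | paste -sd';' -)
        echo "OPEN $uri namingContexts=$ctx"
    else
        echo "PARTIAL $uri"
    fi
    return 0
}

# Audit every URI given on the command line, e.g.:
#   sh check_null_base.sh ldap://oid.example.com:389   (placeholder host)
for uri in "$@"; do
    check_null_base "$uri"
done
```

An OPEN verdict means both findings apply; after remediation the same check should report REFUSED or PARTIAL.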

Solution
