How to Disable Null Bind and Null Base in OID
Last updated on JUNE 15, 2017
Applies to:Oracle Internet Directory - Version 10.1.2 to 10.1.4 [Release 10gR2 to 10gR3]
Information in this document applies to any platform.
***Checked for relevance on 17-Jul-2013***
Two potential issues have been identified with respect to LDAP servers. This document discusses how/whether to correct them in OID
1. "LDAP allows null bases"
Improperly configured LDAP servers will allow the directory BASE to be set to NULL. This allows information to be culled without any prior knowledge of the directory structure. Coupled with a NULL BIND, an anonymous user can query your LDAP server using a tool such as 'LdapMiner'
Solution: Disable NULL BASE queries on your LDAP server.
Reference the Internet Security Systems article LDAP null base returns information
2. "LDAP allows anonymous binds"
Improperly configured LDAP servers will allow any user to connect to the server and query for information.
Solution: Disable the NULL bind entry or control the entry with Access Control Lists (ACLs).
Reference the Internet Security Systems article LDAP anonymous access to directory
Sign In with your My Oracle Support account
Don't have a My Oracle Support account? Click to get started
My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms