How to Disable Null Bind and Null Base in OID
(Doc ID 316143.1)
Last updated on MARCH 11, 2019
Applies to:Oracle Internet Directory - Version 10.1.2 to 10.1.4 [Release 10gR2 to 10gR3]
Information in this document applies to any platform.
Two potential issues have been identified with respect to LDAP servers. This document discusses how/whether to correct them in OID
1. "LDAP allows null bases"
Improperly configured LDAP servers will allow the directory BASE to be set to NULL. This allows information to be culled without any prior knowledge of the directory structure. Coupled with a NULL BIND, an anonymous user can query your LDAP server using a tool such as 'LdapMiner'
Solution: Disable NULL BASE queries on your LDAP server.
Reference the Internet Security Systems article LDAP null base returns information
2. "LDAP allows anonymous binds"
Improperly configured LDAP servers will allow any user to connect to the server and query for information.
Solution: Disable the NULL bind entry or control the entry with Access Control Lists (ACLs).
Reference the Internet Security Systems article LDAP anonymous access to directory
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document