Delegated Administrator - Remove Anonymous LDAP Access
(Doc ID 1446237.1)
Last updated on MARCH 14, 2019
Applies to: Oracle Communications Calendar Server - Version 7.0 and later
Oracle Communications Delegated Administrator - Version 7.0.0 and later
Information in this document applies to any platform.
Provide instructions on how to disable anonymous access to the Comms LDAP DIT.
Delegated Administrator 7 added LDAP anonymous access in the initial release.
The grant of access in this ACI is not used by the product.
The ACI is as follows:
))(targetattr != "userPassword||passwordHistory||passwordExpirationTime||pas
passwordAllowChangeTime")(version 3.0; acl "DA anonymous access rights";allow (read,search,compare)userdn = "ldap:///anyone";
where $ugsuffix stands for the base of the user/group tree. (The default value is o=usergroup. See "How To Find the Installed Version of comm_dssetup.pl Used For Communications Suite Products (Doc ID 1338853.1)" to find the value in your DIT.)
This ACI appeared in new installs of DA 7, and upgrades from DA 6.4 to DA 7.
Since this was added to the LDAP DIT, the ACI affects all Communications Suite products, and any other applications that use the LDAP DIT.
In patch -05, this ACI was removed from the product.
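One way to check an LDIF export of the DIT for ACIs that still grant rights to "ldap:///anyone", shown as an added example that is not Oracle's procedure or code. It assumes the aci attributes have already been exported to LDIF; the function names are hypothetical, and the sample entries are constructed, with the first ACI a shortened stand-in rather than the product's exact text.

```python
import base64
import re

ANON_BIND = re.compile(r'userdn\s*=\s*"[^"]*ldap:///anyone[^"]*"', re.I)
ACL_NAME = re.compile(r'acl\s+"([^"]*)"', re.I)
RIGHTS = re.compile(r'^allow\s*\(([^)]*)\)', re.I)

# Constructed sample (not from a real directory). The first ACI is a shortened
# stand-in for the grant described above, not the product's exact ACI text.
_DENY = '(targetattr = "userPassword")(version 3.0; acl "constructed deny"; deny (all) userdn = "ldap:///anyone";)'
SAMPLE_LDIF = "\n".join([
    "dn: o=usergroup",
    'aci: (targetattr != "userPassword")(version 3.0; acl "DA anonymous acc',
    ' ess rights"; allow (read,search,compare) userdn = "ldap:///anyone";)',
    'aci: (targetattr = "*")(version 3.0; acl "constructed admin rule"; allow (all)',
    '  groupdn = "ldap:///cn=admins,o=usergroup";)',
    "",
    "dn: ou=People,o=usergroup",
    "aci:: " + base64.b64encode(_DENY.encode()).decode(),  # base64-encoded value
])

def unfold(ldif):
    """Join LDIF continuation lines (a single leading space marks a fold)."""
    lines = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def find_anonymous_acis(ldif):
    """Return (entry DN, acl name, rights) for each ACI allowing ldap:///anyone."""
    findings, dn = [], None
    for line in unfold(ldif):
        attr, sep, value = line.partition(":")
        if not sep:
            continue
        if value.startswith(":"):  # "attr:: value" carries a base64 value
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        attr, value = attr.lower(), value.strip()
        if attr == "dn":
            dn = value
        elif attr == "aci":
            name = ACL_NAME.search(value)
            for stmt in value.split(";"):  # each permission/bind-rule pair ends in ';'
                rights = RIGHTS.match(stmt.strip())
                if rights and ANON_BIND.search(stmt):
                    findings.append((dn, name.group(1) if name else "", rights.group(1).replace(" ", "")))
    return findings
```

Only allow rules bound with `userdn = "ldap:///anyone"` are reported; deny rules, `!=` comparisons and group-bound rules are left out.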
In this Document
Checking for anonymous access
Automatic removal through DA7 upgrades
Schema 2 - Direct LDAP mode