
Delegated Administrator - Remove Anonymous LDAP Access (Doc ID 1446237.1)

Last updated on NOVEMBER 19, 2018

Applies to:

Oracle Communications Calendar Server - Version 7.0 and later
Oracle Communications Delegated Administrator - Version 7.0.0 and later
Information in this document applies to any platform.

Goal

Provide instructions on how to disable anonymous access to the Comms LDAP DIT.

Delegated Administrator 7 added LDAP anonymous access in the initial release.

The grant of access in this ACI is not used by the product.

The ACI is as follows:

aci: (target="ldap:///$ugsuffix")(targetfilter=(!(objectclass=sunServiceComponent)))(targetattr != "userPassword||passwordHistory||passwordExpirationTime||passwordExpWarned||passwordRetryCount||retryCountResetTime||accountUnlockTime||passwordAllowChangeTime")(version 3.0; acl "DA anonymous access rights";allow (read,search,compare)userdn = "ldap:///anyone";)

where $ugsuffix stands for the base of the user/group tree. (The default value is o=usergroup. See "How To Find the Installed Version of comm_dssetup.pl Used For Communications Suite Products" (Doc ID 1338853.1) to find the value in your DIT.)

This ACI appeared in new installs of DA 7, and upgrades from DA 6.4 to DA 7.

Since this was added to the LDAP DIT, the ACI affects all Communications Suite products, and any other applications that use the LDAP DIT.

In patch -05, this ACI was removed from the product.
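One way to check an LDIF export of the directory for ACIs like the one above that grant rights to ldap:///anyone. This is an added example, not Oracle's procedure from the Solution section; the sample LDIF (with an abbreviated attribute list), the function names and the second ACI are constructed for illustration.

```python
import re

# Constructed sample LDIF (not from a real directory). The first ACI is folded
# the way LDIF exports wrap long values: continuation lines start with a space.
SAMPLE_LDIF = '''dn: o=usergroup
objectClass: organization
aci: (target="ldap:///o=usergroup")(targetfilter=(!(objectclass=sunServiceCo
 mponent)))(targetattr != "userPassword||passwordHistory")(version 3.0; ac
 l "DA anonymous access rights";allow (read,search,compare)userdn = "ldap:
 ///anyone";)
aci: (targetattr="*")(version 3.0; acl "Constructed admin rule"; allow (all)
  groupdn = "ldap:///cn=Admins,o=usergroup";)
'''

ACL_NAME = re.compile(r'acl\s+"([^"]*)"')
ALLOW = re.compile(r'allow\s*\(([^)]*)\)', re.I)
# userdn may hold several URLs joined with "||"; match "anyone" among them.
ANYONE = re.compile(r'userdn\s*=\s*"[^"]*ldap:///anyone', re.I)


def unfold(ldif_text):
    """Join LDIF continuation lines (a line beginning with a single space)."""
    lines = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines


def find_anonymous_acis(ldif_text):
    """Return (dn, acl name, rights) for each allow ACI bound to ldap:///anyone.

    Limitation: base64-encoded values ("aci:: ...") are not decoded.
    """
    findings, dn = [], None
    for line in unfold(ldif_text):
        if line.lower().startswith("dn:"):
            dn = line[3:].strip()
        elif line.lower().startswith("aci:") and ANYONE.search(line):
            allow = ALLOW.search(line)
            if allow:
                name = ACL_NAME.search(line)
                rights = [r.strip() for r in allow.group(1).split(",")]
                findings.append((dn, name.group(1) if name else "", rights))
    return findings


if __name__ == "__main__":
    for dn, name, rights in find_anonymous_acis(SAMPLE_LDIF):
        print(f"{dn}: '{name}' allows anonymous {', '.join(rights)}")
```
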

Solution

To view full details, sign in with your My Oracle Support account.



In this Document
Goal
Solution
 Checking for anonymous access
 Automatic removal through DA7 upgrades
 Schema 1
 Schema 2 - Direct LDAP mode
 Manual removal
References

