Delegated Administrator - Remove Anonymous LDAP Access (Doc ID 1446237.1)

Last updated on JUNE 10, 2017

Applies to:

Oracle Communications Calendar Server - Version 7.0 and later
Oracle Communications Delegated Administrator - Version 7.0.0 and later
Information in this document applies to any platform.

Goal

Provide instructions on how to disable anonymous access to the Comms LDAP DIT.

Delegated Administrator 7 added LDAP anonymous access in the initial release.

The grant of access in this ACI is not used by the product.

The ACI is as follows:

aci: (target="ldap:///$ugsuffix")(targetfilter=(!(objectclass=sunServiceComponent)))(targetattr != "userPassword||passwordHistory||passwordExpirationTime||passwordExpWarned||passwordRetryCount||retryCountResetTime||accountUnlockTime||passwordAllowChangeTime")(version 3.0; acl "DA anonymous access rights";allow (read,search,compare)userdn = "ldap:///anyone";)

where $ugsuffix stands for the base of the user/group tree. (The default value is o=usergroup. See "How To Find the Installed Version of comm_dssetup.pl Used For Communications Suite Products (Doc ID 1338853.1)" to find the value in your DIT.)

This ACI appeared in new installs of DA 7, and upgrades from DA 6.4 to DA 7.

Since this was added to the LDAP DIT, the ACI affects all Communications Suite products, and any other applications that use the LDAP DIT.

In patch -05, this ACI was removed from the product.
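
The following is an added example, not Oracle's code and not part of the original note: a Python audit over an LDIF export of the aci attribute that unfolds wrapped values and reports every ACI granting access to ldap:///anyone. The sample LDIF is constructed from the ACI shown in this note with $ugsuffix set to the default o=usergroup; the function names and the second ACI are assumptions made for illustration.

```python
import re

# Constructed sample: LDIF export of the aci attribute on the user/group suffix
# ($ugsuffix = default o=usergroup). The second ACI is invented for contrast.
SAMPLE_LDIF = """\
dn: o=usergroup
aci: (target="ldap:///o=usergroup")(targetfilter=(!(objectclass=sunServiceCo
 mponent)))(targetattr != "userPassword||passwordHistory||passwordExpiration
 Time||passwordExpWarned||passwordRetryCount||retryCountResetTime||accountUn
 lockTime||passwordAllowChangeTime")(version 3.0; acl "DA anonymous access r
 ights";allow (read,search,compare)userdn = "ldap:///anyone";)
aci: (targetattr="*")(version 3.0; acl "Constructed admin rule"; allow (all)
  userdn = "ldap:///uid=admin,ou=People,o=usergroup";)
"""

ACL_NAME = re.compile(r'acl\s+"([^"]*)"')
# One permission statement: allow|deny (rights) bind-rule ;
PERMISSION = re.compile(r'\b(allow|deny)\s*\(([^)]*)\)([^;]*);', re.I)
# Only ldap:///anyone covers unauthenticated binds (ldap:///all = authenticated).
ANYONE = re.compile(r'userdn\s*=\s*"[^"]*ldap:///anyone', re.I)

def unfold(ldif):
    """Join LDIF continuation lines (a line that starts with one space)."""
    lines = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def anonymous_grants(ldif):
    """Return (dn, acl name, rights) for every ACI that allows ldap:///anyone."""
    findings, dn = [], None
    for line in unfold(ldif):
        key, _, value = line.partition(":")
        if key.lower() == "dn":
            dn = value.strip()
        elif key.lower() == "aci":
            name = ACL_NAME.search(value)
            for kind, rights, bind in PERMISSION.findall(value):
                if kind.lower() == "allow" and ANYONE.search(bind):
                    findings.append((dn, name.group(1) if name else "",
                                     [r.strip() for r in rights.split(",")]))
    return findings

if __name__ == "__main__":
    for dn, name, rights in anonymous_grants(SAMPLE_LDIF):
        print(f"{dn}: '{name}' allows {','.join(rights)} to anonymous binds")
```

Run against a real export, an empty result means no ACI in that export grants rights to unauthenticated binds; a negated bind rule (userdn != "ldap:///anyone") is not reported.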

Solution
