nerdexam
CompTIA

LX0-104 · Question #149

Which option should be used to disable anonymous binds to your LDAP directory?

The correct answer is A. disallow bind_anon. To prevent unauthenticated access to an OpenLDAP directory, the disallow bind_anon directive is used to disable anonymous binds.

Security

Question

Which option should be used to disable anonymous binds to your LDAP directory?

Options

  • Adisallow bind_anon
  • Bdisallow bind_anon_cred
  • Cdisallow bind_simple_unprotected
  • Ddisallow bind_simple

How the community answered

(37 responses)
  • A
    86% (32)
  • B
    3% (1)
  • C
    8% (3)
  • D
    3% (1)

Why each option

To prevent unauthenticated access to an OpenLDAP directory, the `disallow bind_anon` directive is used to disable anonymous binds.

Adisallow bind_anonCorrect

The `disallow bind_anon` directive in OpenLDAP configuration (e.g., `slapd.conf` or `cn=config`) explicitly prevents clients from performing an anonymous bind, which means clients must provide valid credentials to authenticate and access the directory. This enhances security by preventing unauthenticated enumeration or access.

Bdisallow bind_anon_cred

`bind_anon_cred` is not a standard or recognized option in OpenLDAP for disabling anonymous binds.

Cdisallow bind_simple_unprotected

`bind_simple_unprotected` refers to simple binds over unencrypted connections, not specifically anonymous binds, and is controlled by a different directive, often related to security transport layer (TLS/SSL).

Ddisallow bind_simple

`bind_simple` refers to any simple bind operation, which includes authenticated binds. Disallowing `bind_simple` would prevent almost all non-SASL authentication, which is not the same as just anonymous binds.

Concept tested: OpenLDAP anonymous bind control

Source: https://www.openldap.org/doc/admin24/slapdconfig.html

Topics

#LDAP security#anonymous bind#slapd.conf

Community Discussion

No community discussion yet for this question.

Full LX0-104 Practice