LX0-104 · Question #149
Which option should be used to disable anonymous binds to your LDAP directory?
The correct answer is A. disallow bind_anon. To prevent unauthenticated access to an OpenLDAP directory, the disallow bind_anon directive is used to disable anonymous binds.
Question
Options
- Adisallow bind_anon
- Bdisallow bind_anon_cred
- Cdisallow bind_simple_unprotected
- Ddisallow bind_simple
How the community answered
(37 responses)- A86% (32)
- B3% (1)
- C8% (3)
- D3% (1)
Why each option
To prevent unauthenticated access to an OpenLDAP directory, the `disallow bind_anon` directive is used to disable anonymous binds.
The `disallow bind_anon` directive in OpenLDAP configuration (e.g., `slapd.conf` or `cn=config`) explicitly prevents clients from performing an anonymous bind, which means clients must provide valid credentials to authenticate and access the directory. This enhances security by preventing unauthenticated enumeration or access.
`bind_anon_cred` is not a standard or recognized option in OpenLDAP for disabling anonymous binds.
`bind_simple_unprotected` refers to simple binds over unencrypted connections, not specifically anonymous binds, and is controlled by a different directive, often related to security transport layer (TLS/SSL).
`bind_simple` refers to any simple bind operation, which includes authenticated binds. Disallowing `bind_simple` would prevent almost all non-SASL authentication, which is not the same as just anonymous binds.
Concept tested: OpenLDAP anonymous bind control
Source: https://www.openldap.org/doc/admin24/slapdconfig.html
Topics
Community Discussion
No community discussion yet for this question.