Zentyal Forum, Linux Small Business Server

Zentyal Server => Directory and Authentication => Topic started by: Lexa6283 on December 27, 2022, 03:33:33 pm

Title: Unauthenticated LDAP Bind
Post by: Lexa6283 on December 27, 2022, 03:33:33 pm

Hello,
Reaching out here as I have not been able to find the answer, our pentesting picked out our Zentyal server for allowing unathenticated LDAP bind and exposing information about domain which could be leveraged.....

How can I disable unauthenticated LDAP Bind in Zentyal?

Title: Re: Unauthenticated LDAP Bind
Post by: dzidek23 on January 17, 2023, 11:41:24 am

Hi,

not sure what to suggest, maybe apart from configuring firewall.

You could also raise an issue on https://github.com/zentyal/zentyal/issues if you can provide more details, this might be looked at by the developers.