openldapldapconnectionslapd

how to re-enable anonymous login in openldap


I have recently installed openldap 2.4.42 and disabled anonymous login using the following content in ldif file.

dn: cn=config changetype: modify add: olcDisallows olcDisallows: bind_anon

dn: cn=config changetype: modify add: olcRequires olcRequires: authc

dn: olcDatabase={-1}frontend,cn=config changetype: modify add: olcRequires olcRequires: authc

I can even see access to dn.base="" by * read in slapd.conf file Now, I have a application(wordpress blog) which is trying to connect to LDAP server using anonymous login and failing because of that reason. I tried few options but none of them are working. Can someone help me out on how to re-enable the LDAP anonymous login.

Thanks in advance


Solution

  • What type of configuration are you using ? slapd.conf or slapd.d/ folder ? You cannot use both at the same time. Drop added olcDisallows & olcRequires configuration if you use slapd.d/ folder configuration. Or delete countrepart settings from slapd.conf file (disallow & require) if you use slapd.conf configuration file.

    To delete what you said you added to activate this behavior, ie with an LDIF file for example:

    dn: cn=config
    changetype: modify
    delete: olcDisallows
    olcDisallows: bind_anon
    -
    dn: cn=config
    changetype: modify
    delete: olcRequires
    olcRequires: authc
    -
    dn: olcDatabase={-1}frontend,cn=config
    changetype: modify
    delete: olcRequires
    olcRequires: authc
    

    You should also verify that targeted anonymous access is allowed by database ACLs (olcAccess parameter)