Question is about why LDAP server allows “Anonymous” access to all data..
We don’t have firewall but even if we block the port, LDAP in still open to INTERNAL NETWORK.
Why default setting of Zimbra is “Anonymous” access to all LDAP data
1) Download any LDAP Explorer tool (ie: windows .net tool ASP-DEv XM LDAP Explorer http://www.asp-dev.com/main.asp?page=200 )
2) only put INTERNAL or EXTERNAL IP of zimbra LDAP server (no username password) and you can access all LDAP data and usernames
How can we enable AUTH in LDAP so no data is visible thru “Anonymous” access from any network internal or external.
Can anyone confirm this behavior and what can we do to stop this to make it more secure.