Disable anonymous binds

See https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/8.2/html/Administration_Guide/configuring-special-binds.html#disabling-anonymous-binds
2019-12-20 16:46:03 +01:00 · 2019-12-20 16:46:03 +01:00 · 9828b867ba
parent 0a96c31e12
commit 9828b867ba
1 changed files with 18 additions and 0 deletions
--- a/site-cookbooks/kosmos-dirsrv/resources/instance.rb
+++ b/site-cookbooks/kosmos-dirsrv/resources/instance.rb
@ -51,6 +51,7 @@ action :create do
      notifies :restart, "service[#{service_name}]", :immediately
      notifies :delete, "template[#{setup_config}]", :immediately
      notifies :run, "execute[add users group]", :delayed
+      notifies :run, "execute[disable anonymous access]", :delayed
    end
  end

@ -70,6 +71,23 @@ action :create do
    action :nothing
  end

+  file "#{Chef::Config[:file_cache_path]}/disable_anonymous_access.ldif" do
+    content <<-EOF
+dn: cn=config
+changetype: modify
+replace: nsslapd-allow-anonymous-access
+nsslapd-allow-anonymous-access: off
+    EOF
+    owner "root"
+    group "root"
+  end
+
+  execute "disable anonymous access" do
+    command "ldapmodify -x -w #{new_resource.admin_password} -D '#{new_resource.bind_dn}' -f '#{Chef::Config[:file_cache_path]}/disable_anonymous_access.ldif' -p #{new_resource.port} -h localhost"
+    sensitive true
+    action :nothing
+  end
+
  unless node.chef_environment == "development"
    package "libnss3-tools" # provides pk12util