diff --git a/site-cookbooks/kosmos-dirsrv/resources/instance.rb b/site-cookbooks/kosmos-dirsrv/resources/instance.rb
index e9a59a7..c27e472 100644
--- a/site-cookbooks/kosmos-dirsrv/resources/instance.rb
+++ b/site-cookbooks/kosmos-dirsrv/resources/instance.rb
@@ -51,6 +51,7 @@ action :create do
 notifies :restart, "service[#{service_name}]", :immediately
 notifies :delete, "template[#{setup_config}]", :immediately
 notifies :run, "execute[add users group]", :delayed
+ notifies :run, "execute[disable anonymous access]", :delayed
 end
 end
@@ -70,6 +71,23 @@ action :create do
 action :nothing
 end
+ file "#{Chef::Config[:file_cache_path]}/disable_anonymous_access.ldif" do
+ content <<-EOF
+dn: cn=config
+changetype: modify
+replace: nsslapd-allow-anonymous-access
+nsslapd-allow-anonymous-access: off
+ EOF
+ owner "root"
+ group "root"
+ end
+
+ execute "disable anonymous access" do
+ command "ldapmodify -x -w #{new_resource.admin_password} -D '#{new_resource.bind_dn}' -f '#{Chef::Config[:file_cache_path]}/disable_anonymous_access.ldif' -p #{new_resource.port} -h localhost"
+ sensitive true
+ action :nothing
+ end
+
 unless node.chef_environment == "development"
 package "libnss3-tools" # provides pk12util
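Review bot: The added `notifies :run, "execute[disable anonymous access]", :delayed` is the only trigger for an execute declared with `action :nothing`, so anonymous access is switched off only on a run where the notifying resource changes; that resource's header is outside the hunk and appears to be the instance setup. An instance provisioned before this commit would keep its previous `nsslapd-allow-anonymous-access` value, and a failed ldapmodify is not retried on later runs. Because the notification is `:delayed`, the server also answers anonymous binds from the `:immediately` restart until the end of the Chef run. Consider running the execute on every converge behind a guard that reads the current value, or document the limitation with a comment such as `# anonymous binds are only disabled on first setup; existing instances need a manual change`.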
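Review bot: The `command` string of `execute "disable anonymous access"` interpolates `new_resource.admin_password` after `-w`, so the admin password sits on the ldapmodify command line and is readable in the process list by any local user while it runs; `sensitive true` only keeps it out of Chef's output. The value is also unquoted, so a password containing spaces or shell metacharacters is split or interpreted by the shell. Passing the password through a root-only file with `-y` and giving `command` as an array (no shell) avoids both. The password file can be deleted after use, as the first hunk already does for the setup config template. The enclosing `action :create` block starts and ends outside the hunk.

```ruby
  admin_password_file = "#{Chef::Config[:file_cache_path]}/dirsrv_admin_password"

  file admin_password_file do
    content new_resource.admin_password # -y uses the whole file as the password, so no trailing newline
    owner "root"
    group "root"
    mode "0600"
    sensitive true
  end

  # … unchanged: file resource for disable_anonymous_access.ldif …

  execute "disable anonymous access" do
    # Array form bypasses the shell; the password never appears in argv.
    command ["ldapmodify", "-x", "-y", admin_password_file,
             "-D", new_resource.bind_dn,
             "-f", "#{Chef::Config[:file_cache_path]}/disable_anonymous_access.ldif",
             "-p", new_resource.port.to_s, "-h", "localhost"]
    sensitive true
    action :nothing
  end
```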