Disable anonymous binds

See https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/8.2/html/Administration_Guide/configuring-special-binds.html#disabling-anonymous-binds

site-cookbooks/kosmos-dirsrv/resources/instance.rb

@@ -51,6 +51,7 @@ action :create do
       notifies :restart, "service[#{service_name}]", :immediately
       notifies :delete, "template[#{setup_config}]", :immediately
       notifies :run, "execute[add users group]", :delayed
+      notifies :run, "execute[disable anonymous access]", :delayed
     end
   end
 
@@ -70,6 +71,23 @@ action :create do
     action :nothing
   end
 
+  file "#{Chef::Config[:file_cache_path]}/disable_anonymous_access.ldif" do
+    content <<-EOF
+dn: cn=config
+changetype: modify
+replace: nsslapd-allow-anonymous-access
+nsslapd-allow-anonymous-access: off
+    EOF
+    owner "root"
+    group "root"
+  end
+
+  execute "disable anonymous access" do
+    command "ldapmodify -x -w #{new_resource.admin_password} -D '#{new_resource.bind_dn}' -f '#{Chef::Config[:file_cache_path]}/disable_anonymous_access.ldif' -p #{new_resource.port} -h localhost"
+    sensitive true
+    action :nothing
+  end
+
   unless node.chef_environment == "development"
     package "libnss3-tools" # provides pk12util