2003 server unlocking LDAP

    I have a fix for unlocking anonymous LDAP for 2003 Server. Unfortunately, when I try this I get an "access denied".

    I have tried logging in as Local Admin and Domain Admin. The real issue is that our parent corp, 200 miles away, has the Enterprise Admin and has locked this down. Is there any hack around this? I have access to the box locally.


    Enabling anonymous LDAP operations

    1.      Launch ADSI Edit (part of support tools) and navigate to:

    Where <forestRoot> is the root domain of your forest (in my case this is DC=antid0t,DC=net)

    2.      Right click the "CN=Directory Services" container, choose "Properties" from the context menu and scroll down to the dsHeuristics attribute

    3.      If the attribute is not set (has no value), fill in "0000002" in the value field.
    The last (seventh) character is the one that controls the way you can bind to LDAP service. "0" or no seventh character means that anonymous LDAP operations are disabled. Setting the seventh character to "2" permits anonymous operations (you are still subject to Access Control Lists of the objects in AD)

    Warning: if the attribute already contains a value, make sure you are changing only the seventh character from the left – this is the only character that needs to be changed in order to enable anonymous binds. So for example if the current value is "0010000", you will need to change it to "0010002".

    If the current value is less than 7 characters, you will need to put zeros in the places not used: "001" will become "0010002"

    4.      Make yourself a cup of coffee and wait till the change is replicated to all your DCs in the forest. The new value will be picked up without any need for server reboots or service restarts. Meanwhile you can get more details about the process from MS KB article 326690.

    Mark Latham
    Management Information Systems
    Mercy Medical Center
    Durango, CO
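The dsHeuristics edit from steps 2 to 4 above as a PowerShell script, added here as an example (it is not part of the post or of the quoted procedure). It reads the attribute from the Directory Service object in the Configuration partition, computes the new value by padding to seven characters and changing only the seventh one, prints the before/after values, and writes only when -Apply is given. The object path is the standard location of that object; the forest's Configuration partition DN is read from RootDSE rather than assumed. Because the object sits in the Configuration partition, the write needs write permission on it: by default the Enterprise Admins group has that right and a child-domain Domain Admin does not, so a caller without it fails at CommitChanges with the same "access denied" the post reports. Function names are my own.

```powershell
# Added example, not from the original post or the quoted procedure.
# Enables anonymous LDAP operations on a Windows Server 2003 forest by
# setting the seventh character of dsHeuristics to "2", preserving every
# other position, and writing only when -Apply is given.

function Get-DsHeuristicsWithAnonymousLdap {
    param([AllowEmptyString()][string]$Current = '')
    # Pad with zeros out to seven characters ("001" -> "0010000"), then
    # change only the seventh character. Anything beyond position 7 is kept.
    $padded = $Current.PadRight(7, '0')
    return $padded.Substring(0, 6) + '2' + $padded.Substring(7)
}

function Test-AnonymousLdapEnabled {
    param([AllowEmptyString()][string]$Current = '')
    # No value, "0", or fewer than seven characters all mean anonymous
    # operations are disabled; only a "2" in position 7 enables them.
    return ($Current.Length -ge 7 -and $Current[6] -eq '2')
}

function Set-AnonymousLdapOperations {
    [CmdletBinding()]
    param([switch]$Apply)

    # The Directory Service object lives in the Configuration partition, so
    # take that partition's DN from RootDSE instead of hard-coding the forest.
    $rootDse  = [ADSI]'LDAP://RootDSE'
    $configNc = [string]$rootDse.psbase.Properties['configurationNamingContext'].Value
    $dsObject = [ADSI]"LDAP://CN=Directory Service,CN=Windows NT,CN=Services,$configNc"

    # .Value is $null when the attribute has never been set; [string] makes that ''.
    $current = [string]$dsObject.psbase.Properties['dSHeuristics'].Value
    $new     = Get-DsHeuristicsWithAnonymousLdap -Current $current

    Write-Host "Current dsHeuristics : '$current' (anonymous enabled: $(Test-AnonymousLdapEnabled $current))"
    Write-Host "Proposed dsHeuristics: '$new'"

    if (-not $Apply) {
        Write-Host 'Dry run only; re-run with -Apply to write the value.'
        return
    }
    if ($current -eq $new) {
        Write-Host 'Nothing to change.'
        return
    }

    try {
        # Writing here needs write permission on this Configuration-partition
        # object (Enterprise Admins by default); without it this throws
        # an access denied error and nothing is changed.
        $dsObject.psbase.Properties['dSHeuristics'].Value = $new
        $dsObject.psbase.CommitChanges()
        Write-Host 'Written. Wait for forest-wide replication; no reboot or service restart is needed.'
    }
    catch {
        Write-Error "Write failed: $($_.Exception.Message)"
    }
}

Set-AnonymousLdapOperations          # dry run: shows current and proposed values
# Set-AnonymousLdapOperations -Apply # writes the attribute
```

Run the dry run first on a DC: if the current value already has other positions set (for example "0010000"), the proposed value shows that only the seventh character changes. Even after the write succeeds, anonymous binds can only read what the objects' ACLs grant to ANONYMOUS LOGON, as the procedure notes.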

