Symantec Access Management

  • Private Community

  • 1.  CA Directory Anonymous authentication

    Posted Sep 13, 2017 12:10 PM

    Hello I have installed CA Directory 12.6 and would like to turn off anonymous authentication. By default i am able to connec to it with or without password. Can anyone suggest a quick way to disable whether through admin console or through command? Thanks in advance.



  • 2.  Re: CA Directory Anonymous authentication
    Best Answer

    Broadcom Employee
    Posted Sep 13, 2017 02:34 PM

    Hi,

     

    Locate %DXHOME%\config\settings\<DSA_SPECIFIC_FILE>.dxc. default setting inside is 'min-auth = none'. Change that to 'min-auth = clear-password'.

     

    https://docops.ca.com/ca-directory/12-0-14/en/reference/commands-used-in-dxmanager/knowledge

     

     

    Regards,

    Sumeet

     



  • 3.  Re: CA Directory Anonymous authentication

    Posted Sep 15, 2017 06:12 AM

    There is also the possibiity to add specific user able to access into ldap.

     

    To do this, configure the access.dxc like this:

     

    # CA Directory - DXserver/config/access
    #
    # This is the default file for access controls for servers created
    # by DXmanager r12 SP2. As these settings become available in future
    # releases, this file will no longer be sourced.
    #

    #
    # static access controls
    #

    set admin-user = {
     user = <o "testdomain.ca.it"> <cn admin>
     subtree = <>
    };


    #set public-user public-info = {
    #       subtree = <>
    #};


    # static access controls
     set access-controls = true;
    #
    # # dynamic access controls
     set dynamic-access-control = false;

     

    and be sure to add it into the dsa.dxi

     

    Cheers,

    Pasquale