SYMPTOMSThe LDAP_ANONYMOUS user account password is exposed in the registry in plain text. Anyone who has installed Site Server would have knowledge of the username and password (that is, password is always the same). CAUSE
This password is hard coded in the software. Maintaining the password through the registry setting has no effect.
RESOLUTIONA supported fix that corrects this problem is now available from Microsoft, but
it has not been fully regression tested and should be applied only to systems
experiencing this specific problem. If you are not severely affected by this
specific problem, Microsoft recommends that you wait for the next Site Server service pack
that contains this fix. http://www.microsoft.com/support/supportnet/overview/overview.aspThe English version of this fix should have the following file attributes or later:
STATUSMicrosoft has confirmed this to be a problem in Site Server 3.0. MORE INFORMATIONThis implementation generates a random password for the LDAP_ANONOMOUS account every time the ldapsvc is started. The Registry setting mentioned in the "Cause" section is no longer used. Additional query words:
Keywords : |
Last Reviewed: December 21, 1999 © 2000 Microsoft Corporation. All rights reserved. Terms of Use. |