# LDAP Anonymous Bind

```
cme ldap <dc> -u '' -p '' --users 
cme ldap <dc> -u '' -p '' --groups
cme ldap <dc> -u '' -p '' --password-not-required
```

### Mitigation

* In ADSI Edit, go to "Configuration" > CN=Services > CN=Windows NT > CN=Directory Service > Properties and confirm that `dSHeuristics` is `<not set>` or is not `0000002`.

<figure><img src="https://1805673931-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FtMFEdQUk1veqYea72hvC%2Fuploads%2Fgit-blob-04812c2349d7f8d40e7c6b26d6c5485f3f549a30%2Fimage.png?alt=media" alt=""><figcaption></figcaption></figure>

* Remove any `READ` permission granted to the `Anonymous LOGON` group on the `Users` container.

<figure><img src="https://1805673931-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FtMFEdQUk1veqYea72hvC%2Fuploads%2Fgit-blob-af429b0f9c32b81763cc80d580a9144f75f0974c%2Fimage.png?alt=media" alt=""><figcaption></figcaption></figure>
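
Both checks above can be scripted instead of clicked through. The PowerShell below is an added example, not part of the original page; it assumes the RSAT ActiveDirectory module and a domain-joined session with read access. It goes slightly beyond the literal `0000002` comparison by testing the seventh character of `dSHeuristics`, the position that controls anonymous LDAP operations, so longer values are covered too.

```powershell
# Added example (not from the original page): audit the two settings above.
# Assumes the RSAT ActiveDirectory module and a domain-joined session.
Import-Module ActiveDirectory

function Test-AnonymousLdapEnabled {
    # The 7th character of dSHeuristics set to '2' permits anonymous LDAP
    # operations; an empty (<not set>) or shorter value does not.
    param([string]$DsHeuristics)
    return ($DsHeuristics.Length -ge 7 -and $DsHeuristics[6] -eq '2')
}

$root = Get-ADRootDSE

# 1. dSHeuristics on CN=Directory Service in the Configuration partition
$dsDn  = "CN=Directory Service,CN=Windows NT,CN=Services,$($root.configurationNamingContext)"
$value = (Get-ADObject -Identity $dsDn -Properties dSHeuristics).dSHeuristics
if (Test-AnonymousLdapEnabled $value) {
    Write-Warning "dSHeuristics = '$value': anonymous LDAP operations are enabled"
} else {
    Write-Output "dSHeuristics = '$value': anonymous LDAP operations are not enabled"
}

# 2. Allow ACEs on the Users container that give ANONYMOUS LOGON
#    (well-known SID S-1-5-7) any read-type right
$readMask = [int][System.DirectoryServices.ActiveDirectoryRights]::GenericRead
$acl      = Get-Acl -Path "AD:\CN=Users,$($root.defaultNamingContext)"
$sidType  = [System.Security.Principal.SecurityIdentifier]
$aces     = $acl.GetAccessRules($true, $true, $sidType) | Where-Object {
    $_.IdentityReference.Value -eq 'S-1-5-7' -and
    $_.AccessControlType -eq 'Allow' -and
    ([int]$_.ActiveDirectoryRights -band $readMask) -ne 0
}
if ($aces) {
    Write-Warning "ANONYMOUS LOGON has read access on the Users container:"
    $aces | Format-Table ActiveDirectoryRights, IsInherited, InheritanceType
} else {
    Write-Output "No ANONYMOUS LOGON read ACE on the Users container"
}
```

An ACE reported with `IsInherited` set to `True` has to be removed on the parent object it is inherited from, not on the `Users` container itself.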
