Disable LDAP Support
An XCCDF Rule
Description
The ldap module provides HTTP authentication via an LDAP directory.
If its functionality is unnecessary, comment out the related modules:
#LoadModule ldap_module modules/mod_ldap.so #LoadModule authnz_ldap_module modules/mod_authnz_ldap.soIf LDAP is to be used, SSL encryption should be used as well.
Rationale
Minimizing the number of loadable modules available to the web server reduces risk by limiting the capabilities allowed by the web server.
- ID
- xccdf_org.ssgproject.content_rule_httpd_ldap_support
- Severity
- Unknown
- References
- Updated