Hi Friends,

Can you please check the below points and help me in closing these observations which were raised post migration of DB2 version 8.2.8 to 8.2.18:

1) Vulnerability: LDAP NULL BASE Search Access
Description: The remote LDAP server may disclose sensitive information.
Recommendation: If the remote LDAP server supports a version of the LDAP protocol before v3, consider whether to disable NULL BASE queries on your LDAP server.

2) Vulnerability: LDAP Server NULL Bind Connection Information Disclosure
Description: The remote LDAP server allows anonymous access.
Recommendation: Unless the remote LDAP server supports LDAP v3, configure it to disallow NULL BINDs.

Please help to fix these issues.


Regards,
Sandesh