LDAP null subtree allows user to gain information

Risk Level: Medium

Check or Attack Name: LDAP NullSubtree

Platforms: LDAP

Description:

If an LDAP server accepts a search with a NULL base and a scope set to subtree, the server will dump all information in the directory that the requester is allowed to view.

Remedy:
  • Use an access list to deny all access by default.
  • Create groups and modify group permissions according to each group's requirements.
  • Assign users to the appropriate group(s) according to their needs.
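
To verify that a deny-by-default access list is holding, server logs can be checked for subtree searches against an empty base that still returned entries. The following is an added example, not part of the original advisory: it assumes OpenLDAP slapd with stats-level logging, and the sample log lines and the function name `find_null_subtree_searches` are constructed for illustration.

```python
import re

# Constructed sample in OpenLDAP slapd "stats" log style (assumed server).
SAMPLE_LOG = '''\
conn=1001 op=0 BIND dn="" method=128
conn=1001 op=1 SRCH base="" scope=0 deref=0 filter="(objectClass=*)"
conn=1001 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
conn=1002 op=0 BIND dn="" method=128
conn=1002 op=1 SRCH base="" scope=2 deref=0 filter="(objectClass=*)"
conn=1002 op=1 SEARCH RESULT tag=101 err=0 nentries=412 text=
conn=1003 op=0 BIND dn="uid=app,ou=svc,dc=example,dc=org" method=128
conn=1003 op=1 SRCH base="" scope=2 deref=0 filter="(uid=*)"
conn=1003 op=1 SEARCH RESULT tag=101 err=50 nentries=0 text=
conn=1004 op=1 SRCH base="dc=example,dc=org" scope=2 deref=0 filter="(cn=a*)"
conn=1004 op=1 SEARCH RESULT tag=101 err=0 nentries=3 text=
'''

BIND = re.compile(r'conn=(\d+) op=\d+ BIND dn="([^"]*)"')
SRCH = re.compile(r'conn=(\d+) op=(\d+) SRCH base="([^"]*)" scope=(\d)')
RESULT = re.compile(r'conn=(\d+) op=(\d+) SEARCH RESULT .*?err=(\d+) nentries=(\d+)')

def find_null_subtree_searches(log_text):
    """Return one finding per subtree search (scope=2) on an empty base DN."""
    bind_dn = {}     # conn -> last bind DN; "" means anonymous
    pending = set()  # (conn, op) pairs awaiting their SEARCH RESULT line
    findings = []
    for line in log_text.splitlines():
        if m := BIND.search(line):
            bind_dn[m.group(1)] = m.group(2)
        elif m := SRCH.search(line):
            conn, op, base, scope = m.groups()
            # scope=0 on an empty base is a normal root DSE read; skip it.
            if base == "" and scope == "2":
                pending.add((conn, op))
        elif m := RESULT.search(line):
            conn, op, err, count = m.groups()
            if (conn, op) in pending:
                pending.discard((conn, op))
                findings.append({
                    "conn": int(conn),
                    "bind_dn": bind_dn.get(conn, ""),
                    "entries": int(count),
                    # Exposed: the server answered successfully with data.
                    "exposed": err == "0" and int(count) > 0,
                })
    return findings

if __name__ == "__main__":
    for f in find_null_subtree_searches(SAMPLE_LOG):
        print(f)
```

A finding with `exposed` set to true means the access list still lets that bind identity read entries through a null-base subtree search.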
References:
