Are you saying that you believe a name paired with an simple empty password is *not* an anonymous bind? Rather, some kind of unauthenticated connection?
>>> Mark C Smith <firstname.lastname@example.org> 11/14/00 1:32:39 PM >>>
Kurt D. Zeilenga wrote:
>> 2) Which signifies an anonymous bind, an empty name or empty simple password?
> A simple bind with an empty password. By my reading of 2251,
> the DN should be empty and ignored if present. However, for
> security reasons, I believe this is bad. I believe it appropriate
> to say that the DN shall be empty and if not, invalidCredentials
I disagree. I am not sure what the X.500 specifications say about this,
but it has been a long standing practice for LDAP clients to use simple
bind with a DN of length > 0 with no password to allow the LDAP server
to log an identity for the informational purposes such as usage
statistics (of course the name is not authenticated in any way). I do
not think we should introduce this kind of incompatible change at this time.
Netscape Directory Product Development