
Re: Must a simple bind with DN and no pwd be treated as anonymous?



Hallvard B Furuseth wrote:
> 
> Ludovic Poitou writes:
> 
> > This [binding with DN but no password] is described in the RFC2251
> > page 22.  Zero length password means no authentication (anonymous
> > mode).
> 
> I think the "(anonymous mode)" comment is misleading and should be
> deleted from rfc2251.  It's nice to have e.g. WWW gateways bind with a
> DN, even if unauthenticated, in order to identify themselves in the
> LDAP/X.500 server logs.

The text in 2251 section 4.2.2 says:

   If no authentication is to be performed, then the simple
   authentication option MUST be chosen, and the password be of zero
   length.  (This is often done by LDAPv2 clients.)  Typically the DN is
   also of zero length.

This looks okay to me.  The word "anonymous" and variants do appear
elsewhere in 2251 though.  It might be more accurate to say
"unauthenticated" although the phrase "anonymous bind" is widely used to
refer to any simple bind that uses a zero-length password.

-- 
Mark Smith
iPlanet Directory Architect / Sun-Netscape Alliance
My words are my own, not my employer's.   Got LDAP?
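
Editorial example, added here and not part of the original message or of any directory server's code: a decoder that reads the BER encoding of an RFC 2251 BindRequest and labels a simple bind by the distinction discussed in this thread. The labels "anonymous", "unauthenticated" and "password-presented", the helper names and the sample DN are assumptions made for illustration.

```python
# Added example; sample messages are constructed, not captured traffic.
SEQUENCE, INTEGER, OCTET_STRING = 0x30, 0x02, 0x04
BIND_REQUEST = 0x60   # [APPLICATION 0], constructed
AUTH_SIMPLE = 0x80    # AuthenticationChoice simple [0], primitive

def read_tlv(buf, pos, expected=None):
    """Decode one definite-length BER TLV; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long form: low bits count the length octets
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad length encoding")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated TLV value")
    if expected is not None and tag != expected:
        raise ValueError(f"expected tag {expected:#x}, got {tag:#x}")
    return tag, buf[pos:pos + length], pos + length

def classify_bind(message):
    """Return (kind, dn) for an LDAPMessage carrying a BindRequest."""
    _, body, _ = read_tlv(message, 0, SEQUENCE)
    _, _, pos = read_tlv(body, 0, INTEGER)            # messageID
    _, bind, _ = read_tlv(body, pos, BIND_REQUEST)
    _, _, pos = read_tlv(bind, 0, INTEGER)            # version
    _, name, pos = read_tlv(bind, pos, OCTET_STRING)  # name (LDAPDN)
    tag, cred, _ = read_tlv(bind, pos)                # authentication choice
    dn = name.decode("utf-8", "replace")
    if tag != AUTH_SIMPLE:
        return "non-simple", dn
    if cred:
        return "password-presented", dn     # the server still has to verify it
    # Zero-length password: no authentication is performed, whatever the DN says.
    return ("anonymous" if not name else "unauthenticated"), dn

def tlv(tag, value):
    """Encode a short-form TLV (helper for building the constructed samples)."""
    if len(value) > 127:
        raise ValueError("sample helper handles short form only")
    return bytes([tag, len(value)]) + value

def bind_request(dn, password, msg_id=1):
    op = tlv(INTEGER, b"\x03") + tlv(OCTET_STRING, dn) + tlv(AUTH_SIMPLE, password)
    return tlv(SEQUENCE, tlv(INTEGER, bytes([msg_id])) + tlv(BIND_REQUEST, op))
```

A bind labelled "unauthenticated" carries a DN that identifies the client in the server logs, as described in the quoted text, but that DN has not been verified.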