[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Must a simple bind with DN and no pwd be treated asanonymous?
Jim Sermersheim wrote:
> >>> Mark Smith <mcs@netscape.com> 8/26/99 8:48:33 AM >>>
> >The text in 2251 section 4.2.2 says:
>
> > If no authentication is to be performed, then the simple
> > authentication option MUST be chosen, and the password be of zero
> > length. (This is often done by LDAPv2 clients.) Typically the DN is
> > also of zero length.
>
> So, if I were going to implement the Authentication Response Control, and the server gets a bind with a valid DN and an empty password, what does it send back as the authDN in the response control (empty or original DN)? Or does it not send a response control at all, since no 'authentication' happened?
>
> Jim
My choice would be to send back an empty DN. Don't want to trick the client into thinking that the server accepted the proposed authDN without a password. Do other v3 servers distinguish between "anonymous authentication" and "no authentication"?
Rob