[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: LDAP Authentication



Hi

To send a blank password is the same as doing an anonymous bind.

It exists a patch for this, alternativ you do 
defaultaccess none
in slapd.conf

I once used the patch, but did not like the solution, considering hat I have to
apply the patch for every new release, so now I make sure that defaultaccess is
none.

/Urban
Citerat från  Cthulhu <f.sileno@agora.it>:

> 
> I have a strange behavoiur in both OpenLDAP 1.2.11 and 2.0.6: when I
> try to authenticate a user with "ldapadd" or trought a PHP / JSP page,
> the user is authenticated even if it leave a blank password.
> 
> It seems to be an half working auth, since the user achieve only READ
> permission, but of course this is not a wanted feature.
> 
> Some one is suggesting that this can be a compilation problem, I'm
> worried that there is also something I don't know about LDAP.
> 
> Can some point me in the right direction?
> 
>         slapdingly,
>            Cthulhu
> 
> -- 
>    Ph'nglui mglw'nafh Cthulhu http://www.rlyeh.it/ wgah'nagl fhtgan!
> 			 <f.sileno@agora.it>  
> 
> 



--
Urban Lindberg
Systech Consulting AB
Tel: +46 60 64 11 00
Cellular: +46 70 312 91 97
E-mail: urban.lindberg@systech.se

Go to http://roam.systech.se