[Date Prev][Date Next]
LDAP bind with blank password
I just noticed that ldapd considers a bind where a bind DN is supplied but
where a blank password is given to be anonymous given some kind of read
permissions for anonymous. Is that how it is supposed to work?
The reason for asking is that I wrote some authentication code that uses a
simple bind with dn and password to authenticate users and was somewhat
surprised that the bind call returned zero with an incorrect password. Of
course this is easily fixable by just disallowing blank passwords in my
code but I'd still like to know why things were designed like that.
Erik Persson, System Manager <firstname.lastname@example.org>
Roxen Internet Software Voice: +46 13 376817