[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: LDAP bind with blank password

> Hi again,
> I just noticed that ldapd considers a bind where a bind DN is supplied but
> where a blank password is given to be anonymous given some kind of read
> permissions for anonymous. Is that how it is supposed to work?
> The reason for asking is that I wrote some authentication code that uses a
> simple bind with dn and password to authenticate users and was somewhat
> surprised that the bind call returned zero with an incorrect password.  Of
> course this is easily fixable by just disallowing blank passwords in my
> code but I'd still like to know why things were designed like that.

A bind with a DN but with an empty password is equivalent to an anonymous
bind, while a bind with a DN and with a wrong password is not; the latter,
for obvious reasons, is rejected.

I don't know why it was designed this way, though.