[Date Prev][Date Next]
Re: LDAP bind with blank password
Daniel Tiefnig wrote:
> Pierangelo Masarati wrote...:
> >> I just noticed that ldapd considers a bind where a bind DN is
> >> supplied but where a blank password is given to be anonymous given
> >> some kind of read permissions for anonymous. Is that how it is
> >> supposed to work?
> > A bind with a DN but with an empty password is equivalent to an
> > anonymous bind, while a bind with a DN and with a wrong password is
> > not; the latter, for obvious reasons, is rejected.
> going farther, i'd say a bind with a DN that isn't in the DB without any
> or with an arbitrary password (of course wrong/correct doesn't apply
> here) is considerd to be anonymous bind.. at least for opwnldap1.2.X, i
> think i remember there was a change with openldap2.0, but i'm not sure
> about that now..
If the dn refers to a naming context that is not held by the DSA,
if a referral is available it is returned, otherwise a
LDAP_INVALID_CREDENTIALS error is returned.
If the dn is not in the database, no referrals can be determined for
such entry and it is not the rootdn, then LDAP_INVALID_CREDENTIALS
Dr. Pierangelo Masarati | voice: +39 02 2399 8309
Dip. Ing. Aerospaziale | fax: +39 02 2399 8334
Politecnico di Milano |
via La Masa 34, 20156 Milano, Italy |