
Re: LDAP bind with blank password

Daniel Tiefnig wrote:
> Pierangelo Masarati wrote...:
> >>
> >> I just noticed that ldapd considers a bind where a bind DN is
> >> supplied but where a blank password is given to be anonymous given
> >> some kind of read permissions for anonymous. Is that how it is
> >> supposed to work?
> >
> > A bind with a DN but with an empty password is equivalent to an
> > anonymous bind, while a bind with a DN and with a wrong password is
> > not; the latter, for obvious reasons, is rejected.
> going farther, I'd say a bind with a DN that isn't in the DB without any
> or with an arbitrary password (of course wrong/correct doesn't apply
> here) is considered to be anonymous bind.. at least for openldap1.2.X, I
> think I remember there was a change with openldap2.0, but I'm not sure
> about that now..
> comments?

If the dn refers to a naming context that is not held by the DSA,
if a referral is available it is returned, otherwise a 

If the dn is not in the database, no referrals can be determined for
such entry and it is not the rootdn, then LDAP_INVALID_CREDENTIALS
is returned.


Dr. Pierangelo Masarati               | voice: +39 02 2399 8309
Dip. Ing. Aerospaziale                | fax:   +39 02 2399 8334
Politecnico di Milano                 |
via La Masa 34, 20156 Milano, Italy   |
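
The behaviour discussed in this thread matters to any application that treats a successful bind as proof of identity. The following is an added example, not part of the original message and not OpenLDAP code: it classifies a simple bind by which fields are empty and refuses anything but a name/password bind before the server is contacted. The function names, the sample directory and the simulated server are assumptions made for illustration.

```python
from enum import Enum

LDAP_SUCCESS = 0
LDAP_INVALID_CREDENTIALS = 49  # standard LDAP result code

class BindKind(Enum):
    ANONYMOUS = "empty DN, empty password"
    UNAUTHENTICATED = "DN given, empty password"
    PASSWORD_WITHOUT_DN = "empty DN, password given"  # this example's own label
    NAME_PASSWORD = "DN and password given"

def classify_bind(dn, password):
    """Classify a simple bind request by which fields are empty."""
    if not password:  # covers None, "" and b""
        return BindKind.UNAUTHENTICATED if dn else BindKind.ANONYMOUS
    return BindKind.NAME_PASSWORD if dn else BindKind.PASSWORD_WITHOUT_DN

# Constructed sample directory (DN -> password); not real data.
SAMPLE_DIRECTORY = {"cn=alice,dc=example,dc=com": "s3cret"}

def simulated_server_bind(dn, password):
    """Hypothetical stand-in for the server behaviour described in the thread."""
    if not password:
        return LDAP_SUCCESS  # processed as an anonymous bind, DN ignored
    if SAMPLE_DIRECTORY.get(dn) == password:
        return LDAP_SUCCESS
    return LDAP_INVALID_CREDENTIALS  # wrong password or unknown DN

def naive_login(dn, password, bind=simulated_server_bind):
    """Flawed pattern: any successful bind is taken as proof of identity."""
    return bind(dn, password) == LDAP_SUCCESS

def checked_login(dn, password, bind=simulated_server_bind):
    """Refuse locally anything that is not a name/password bind."""
    if classify_bind(dn, password) is not BindKind.NAME_PASSWORD:
        return False
    return bind(dn, password) == LDAP_SUCCESS

if __name__ == "__main__":
    alice = "cn=alice,dc=example,dc=com"
    for pw in ("", "wrong", "s3cret"):
        print(repr(pw), classify_bind(alice, pw).name,
              "naive:", naive_login(alice, pw),
              "checked:", checked_login(alice, pw))
```

The check runs on the client side, so it holds regardless of how the directory server is configured to treat empty passwords.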