Re: ldap_simple_bind_s (null) vs '' for password
> I have a question relating to ldap_simple_bind_s. This issue comes up
> when I try with a 2003 Active Directory, but I am using OpenLDAP API to
> talk to this server.
> a brief sequence of steps:
> 1) ldap_simple_bind_s (correct dn, correct password)
> 2) ...
> 3) ldap_simple_bind_s (correct dn, "") *
> 4) ldap_simple_bind_s (correct dn, incorrect password) **
> 5) ldap_simple_bind_s (correct dn, 0) ***
> 6) ...
> 7) ldap_unbind_s
> 3) * - succeeds!!
> 4) ** - fails as expected.
> 5) *** - succeeds!!
3) & 5) succeed, but result in an anonymous bind
(if they don't, it's a bug)
> I tried the same with slapd, but as expected 3,4,5 fail.
this feature is disabled by default in slapd; you
can re-enable it by using the "allow" directive;
see slapd.conf(5) for details.
> I am confused as to why 3 succeeds, slapd doesn't allow (dn with no
> password), maybe Ad2003 allows this, but no password is (null) or 0 as
> in 5, but how does 3 succeed..?
> with 3,5 if I try to do any other operation in 6 like ldap_search_s it
> fails with the following message:
> LdapErr: DSID-0C0905FF, comment: In order to perform this operation a
> successful bind must be completed on the connection., data 0, vece
> Any suggestions as to how I can correct this?
I have no idea about how to disable this in AD.
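
A client-side guard for the behaviour discussed in this thread, as an added example that is not part of the original messages or of OpenLDAP: it refuses empty or NULL passwords before any bind is sent, so a successful return can only mean the password matched. The `bind_fn` callback type, `authenticate_user`, `AUTH_REJECTED`, the stub server and the sample DN and passwords are assumptions made for the example; in a real program the callback would wrap `ldap_simple_bind_s`.

```c
#include <stdio.h>
#include <string.h>

/* Simple-bind shapes from RFC 4513 section 5.1, keyed on which fields are empty. */
enum bind_kind { BIND_ANONYMOUS, BIND_UNAUTHENTICATED, BIND_NAME_PASSWORD, BIND_MALFORMED };

#define AUTH_REJECTED (-1) /* local code for this example, not an LDAP result code */

static int is_empty(const char *s) { return s == NULL || s[0] == '\0'; }

enum bind_kind classify_simple_bind(const char *dn, const char *pw)
{
    if (is_empty(pw))
        return is_empty(dn) ? BIND_ANONYMOUS : BIND_UNAUTHENTICATED;
    return is_empty(dn) ? BIND_MALFORMED : BIND_NAME_PASSWORD;
}

/* Hypothetical callback type: wrap ldap_simple_bind_s(ld, dn, pw) and pass ld as ctx. */
typedef int (*bind_fn)(void *ctx, const char *dn, const char *pw);

/* Use a bind as a password check only when both fields are non-empty;
 * anything else is refused locally and never sent to the server. */
int authenticate_user(bind_fn do_bind, void *ctx, const char *dn, const char *pw)
{
    if (classify_simple_bind(dn, pw) != BIND_NAME_PASSWORD)
        return AUTH_REJECTED;
    return do_bind(ctx, dn, pw); /* 0 (LDAP_SUCCESS) now means the password matched */
}

/* Constructed stand-in for the server in the thread: an empty or NULL password
 * returns 0 (anonymous bind), a wrong one returns 49 (invalidCredentials). */
static int stub_calls;
int stub_bind(void *ctx, const char *dn, const char *pw)
{
    (void)ctx; (void)dn;
    stub_calls++;
    if (is_empty(pw)) return 0;
    return strcmp(pw, "correct-password") == 0 ? 0 : 49;
}

int main(void)
{
    const char *dn = "cn=user,dc=example,dc=com"; /* constructed DN */
    const char *pws[] = { "correct-password", "", "wrong", NULL };
    for (int i = 0; i < 4; i++)
        printf("pw=%-18s raw=%2d guarded=%2d\n", pws[i] ? pws[i] : "(null)",
               stub_bind(NULL, dn, pws[i]), authenticate_user(stub_bind, NULL, dn, pws[i]));
    return 0;
}
```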