
Re: Authenticating with blank passwords



At 08:00 PM 1/8/2006, Max Williams wrote:
>Hi All,
>I have a requirement where I need LDAP users with blank passwords to be 
>able to authenticate. I understand that a bind with any DN and a blank password is 
>treated as an anonymous bind by LDAP and that this is a "feature" of the RFC and 
>not OpenLDAP itself, correct?

In the face of a simple bind request with DN and empty password,
LDAP allows the server to either:
        a) return success and treat the client as anonymous
        b) return an error and treat the client as anonymous

slapd(8) does b) by default but can be configured to do a).

There is no way to configure slapd(8) to do:
        c) return success and treat the client as the user
        named by the client provided DN.

as this behavior is simply not allowed by the protocol.

Kurt
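
Added example (not part of the original message and not OpenLDAP code): a small Python model of the simple-bind outcomes described above, showing why a client that equates "bind succeeded" with "identity verified" has to reject empty passwords itself. The directory contents, the accept_unauthenticated switch, the function names and the error code chosen for case b) are assumptions made for the illustration.

```python
import hmac

# LDAP result codes used by this model.
SUCCESS, INVALID_CREDENTIALS, UNWILLING_TO_PERFORM = 0, 49, 53

# Constructed sample directory: DN -> password (plaintext only to keep the model short).
DIRECTORY = {"uid=max,dc=example,dc=com": "s3cret"}


def simple_bind(dn, password, accept_unauthenticated=False):
    """Model of a server handling a simple bind.

    Returns (result_code, identity); identity is the DN the session acts as,
    or None when the session is anonymous. accept_unauthenticated is a
    hypothetical switch selecting behaviour a) instead of the default b).
    """
    if password == "":
        # Cases a) and b): the session is anonymous either way, only the
        # result code differs. Case c) has no branch because it does not exist.
        # The specific error code returned for b) is an assumption of this model.
        code = SUCCESS if accept_unauthenticated else UNWILLING_TO_PERFORM
        return code, None
    stored = DIRECTORY.get(dn)
    if stored is not None and hmac.compare_digest(stored.encode(), password.encode()):
        return SUCCESS, dn
    return INVALID_CREDENTIALS, None


def naive_login(dn, password, **server):
    """Flawed client logic: treats any successful bind as proof of identity."""
    code, _identity = simple_bind(dn, password, **server)
    return code == SUCCESS


def guarded_login(dn, password, **server):
    """Client logic that stays correct under both server behaviours."""
    if not dn or not password:
        return False  # never send a bind the server may treat as anonymous
    code, identity = simple_bind(dn, password, **server)
    # Require that the session is actually bound as the requested DN.
    return code == SUCCESS and identity == dn


if __name__ == "__main__":
    dn = "uid=max,dc=example,dc=com"
    for opts in ({}, {"accept_unauthenticated": True}):
        print(opts, "naive:", naive_login(dn, "", **opts),
              "guarded:", guarded_login(dn, "", **opts))
```

Under behaviour a) the naive check accepts any DN with an empty password even though the session is anonymous; the guarded check refuses it under both behaviours.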