[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: LDAP Authentication
Hi
To send a blank password is the same as doing an anonymous bind.
It exists a patch for this, alternativ you do
defaultaccess none
in slapd.conf
I once used the patch, but did not like the solution, considering hat I have to
apply the patch for every new release, so now I make sure that defaultaccess is
none.
/Urban
Citerat från Cthulhu <f.sileno@agora.it>:
>
> I have a strange behavoiur in both OpenLDAP 1.2.11 and 2.0.6: when I
> try to authenticate a user with "ldapadd" or trought a PHP / JSP page,
> the user is authenticated even if it leave a blank password.
>
> It seems to be an half working auth, since the user achieve only READ
> permission, but of course this is not a wanted feature.
>
> Some one is suggesting that this can be a compilation problem, I'm
> worried that there is also something I don't know about LDAP.
>
> Can some point me in the right direction?
>
> slapdingly,
> Cthulhu
>
> --
> Ph'nglui mglw'nafh Cthulhu http://www.rlyeh.it/ wgah'nagl fhtgan!
> <f.sileno@agora.it>
>
>
--
Urban Lindberg
Systech Consulting AB
Tel: +46 60 64 11 00
Cellular: +46 70 312 91 97
E-mail: urban.lindberg@systech.se
Go to http://roam.systech.se