[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: LDAP bind with blank password

To: erik@roxen.com
Subject: Re: LDAP bind with blank password
From: Pierangelo Masarati <masarati@aero.polimi.it>
Date: Mon, 10 Dec 2001 19:52:09 +0100 (MET)
Cc: openldap-software@OpenLDAP.org
In-reply-to: <Pine.GSO.4.33.0112101916370.532-100000@nostromo.roxen.com> from Erik Persson at Dec "10," 2001 "07:25:53" pm

> Hi again,
> 
> I just noticed that ldapd considers a bind where a bind DN is supplied but
> where a blank password is given to be anonymous given some kind of read
> permissions for anonymous. Is that how it is supposed to work?
> 
> The reason for asking is that I wrote some authentication code that uses a
> simple bind with dn and password to authenticate users and was somewhat
> surprised that the bind call returned zero with an incorrect password.  Of
> course this is easily fixable by just disallowing blank passwords in my
> code but I'd still like to know why things were designed like that.

A bind with a DN but with an empty password is equivalent to an anonymous
bind, while a bind with a DN and with a wrong password is not; the latter,
for obvious reasons, is rejected.

I don't know why it was designed this way, though.

Pierangelo.

Follow-Ups:
- Re: LDAP bind with blank password
  - From: Daniel Tiefnig <openldap@qmail.infonova.at>

References:
- LDAP bind with blank password
  - From: Erik Persson <erik@roxen.com>

Prev by Date: slurpd with kerberos working config
Next by Date: Solaris automounter
Index(es):
- Chronological
- Thread