Re: LDAP bind with blank password
> Hi again,
>
> I just noticed that ldapd considers a bind where a bind DN is supplied but
> where a blank password is given to be anonymous given some kind of read
> permissions for anonymous. Is that how it is supposed to work?
>
> The reason for asking is that I wrote some authentication code that uses a
> simple bind with dn and password to authenticate users and was somewhat
> surprised that the bind call returned zero with an incorrect password. Of
> course this is easily fixable by just disallowing blank passwords in my
> code but I'd still like to know why things were designed like that.
A bind with a DN but with an empty password is equivalent to an anonymous
bind, while a bind with a DN and with a wrong password is not; the latter,
for obvious reasons, is rejected.
I don't know why it was designed this way, though.
Pierangelo.
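
The behaviour discussed in this thread, as an added example that is not part of the original messages and is not ldapd or OpenLDAP code: an authentication check that trusts a zero bind result, beside one that rejects empty credentials before binding. `stub_simple_bind`, the sample DN and the sample password are hypothetical, constructed stand-ins for a real directory server.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample entry; the DN and password are made up. */
static const char *SAMPLE_DN = "uid=alice,dc=example,dc=com";
static const char *SAMPLE_PW = "correct-horse";

enum { BIND_OK = 0, BIND_INVALID_CREDENTIALS = 49 };

/* Hypothetical stand-in for a server's simple bind, modelling the behaviour
 * described in the thread: an empty password gives an anonymous session and
 * reports success, whatever DN was supplied. */
static int stub_simple_bind(const char *dn, const char *pw, int *anonymous)
{
    if (pw == NULL || pw[0] == '\0') {
        *anonymous = 1;
        return BIND_OK;
    }
    *anonymous = 0;
    if (dn && strcmp(dn, SAMPLE_DN) == 0 && strcmp(pw, SAMPLE_PW) == 0)
        return BIND_OK;
    return BIND_INVALID_CREDENTIALS;
}

/* Naive check: treats "bind returned zero" as proof of identity. */
int authenticate_naive(const char *dn, const char *pw)
{
    int anon;
    return stub_simple_bind(dn, pw, &anon) == BIND_OK;
}

/* Hardened check: refuse an empty DN or password before binding, so an
 * anonymous bind can never be mistaken for a successful login. */
int authenticate_checked(const char *dn, const char *pw)
{
    int anon;
    if (dn == NULL || dn[0] == '\0' || pw == NULL || pw[0] == '\0')
        return 0;
    if (stub_simple_bind(dn, pw, &anon) != BIND_OK)
        return 0;
    return !anon; /* defence in depth: the session must not be anonymous */
}

int main(void)
{
    printf("naive, empty password:   %d\n", authenticate_naive(SAMPLE_DN, ""));
    printf("checked, empty password: %d\n", authenticate_checked(SAMPLE_DN, ""));
    return 0;
}
```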