[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: LDAP bind with blank password

To: openldap-software@OpenLDAP.org
Subject: Re: LDAP bind with blank password
From: Daniel Tiefnig <openldap@qmail.infonova.at>
Date: Tue, 11 Dec 2001 13:07:56 +0000 (UTC)
Organization: Infonova
References: <Pine.GSO.4.33.0112101916370.532-100000@nostromo.roxen.com> <200112101852.fBAIqAG26538@server.aero.polimi.it>

Pierangelo Masarati wrote...:
>> 
>> I just noticed that ldapd considers a bind where a bind DN is
>> supplied but where a blank password is given to be anonymous given
>> some kind of read permissions for anonymous. Is that how it is
>> supposed to work? 
> 
> A bind with a DN but with an empty password is equivalent to an
> anonymous bind, while a bind with a DN and with a wrong password is
> not; the latter, for obvious reasons, is rejected.

going farther, i'd say a bind with a DN that isn't in the DB without any 
or with an arbitrary password (of course wrong/correct doesn't apply 
here) is considerd to be anonymous bind.. at least for opwnldap1.2.X, i 
think i remember there was a change with openldap2.0, but i'm not sure 
about that now..
comments?

daniel

Follow-Ups:
- Re: LDAP bind with blank password
  - From: Pierangelo Masarati <masarati@aero.polimi.it>

References:
- LDAP bind with blank password
  - From: Erik Persson <erik@roxen.com>
- Re: LDAP bind with blank password
  - From: Pierangelo Masarati <masarati@aero.polimi.it>

Prev by Date: (no subject)
Next by Date: Re: OpenLDAP limitations?
Index(es):
- Chronological
- Thread