Re: ldap authentication allows logon with blank password

From: lighthouse(dot)software(at)gmail(dot)com
To: pgsql-general(at)postgresql(dot)org
Subject: Re: ldap authentication allows logon with blank password
Date: 2007-12-06 22:48:55
Message-ID: 54523b4e-8cb6-4b81-87c4-5d8f7bb07fb0@e6g2000prf.googlegroups.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-general

After some investigation into Open LDAP I discovered that a post that
states:

"A bind with a DN but with an empty password is equivalent to an
anonymous
bind, while a bind with a DN and with a wrong password is not;"

So could this cause a blank password to allow access to the database
as the LDAP server
is successfully connecting anonymously?

In response to

Browse pgsql-general by date

  From Date Subject
Next Message Alvaro Herrera 2007-12-06 23:00:19 Re: Replication Monitoring
Previous Message Glyn Astill 2007-12-06 22:43:43 Replication Monitoring