One solution would be to ACL all objects such that SELF can read them, then have the app, after it has authenticated as the user, try and read something on the user itself. This way you know you are in fact that user (or someone else that has read access, which presumably won't work as anonymous).
In terms of your DCR...could such a bit be put in? I guess. But DCRs that are filed with the intentional intent of going again an RFC typically have a rough time getting through even with a very strong business impact. And you have a workaround already in the app, and another solution I mentioned above. Just setting expectations... ~Eric -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jef Kazimer Sent: Thursday, September 28, 2006 5:53 PM To: [email protected] Subject: [ActiveDir] ADAM bind Redirection with a NULL password Since there has been talk of LDAP "Authentication" as of late, I figured I'd post my issue of poorly developed applications allowing a null password to an ADAM instance using Bind Redirection. http://jeftek.spaces.live.com/blog/cns!F2042DC08607EF2!710.entry I'd be curious if a bit flip to shut down this possibility could be put in control of the directory Admin, instead of relying on the developers. Thanks, Jef Kazimer List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx
