Connecting with null password causes wrong LDAP result code
-----------------------------------------------------------
Key: DIRSERVER-1309
URL: https://issues.apache.org/jira/browse/DIRSERVER-1309
Project: Directory ApacheDS
Issue Type: Bug
Affects Versions: 1.5.4
Environment: Windows XP
Java(TM) SE Runtime Environment (build 1.6.0_10-b33)
ApacheDS 1.5.4
Sun ONE Directory SDK for Java 4.1
Reporter: Stefan Zoerner
Priority: Minor
Fix For: 2.0.0-RC1
If a client tries to bind to the server with password value "null", the bind
fails (OK) and the return code is 53 (LDAP_UNWILLING_TO_PERFORM).
The expected behaviour according to the Open Group is different:
Either we return error code 48 (LDAP_INAPPROPRIATE_AUTH) or 49
(LDAP_INVALID_CREDENTIALS), or we bind successfully, but accepts this as an
anonymous client.
IBM Tivoli Directory Server 6.0 for instance raises an RC 48.
Sun Java System Directory Server 5.2 has chosen option 2 (accepting as
anonymous bind).
Please note that it is tricky to reproduce with JNDI. If you set the password
in JNDI explicitly to null, you cause an NPE on the client. I will continue to
find a solution here. In the maentime, find attached a test case with Sun ONE
Directory SDK for Java 4.1.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
