It was recently discovered that any string allows a valid LDAP user to authenticate to our foreman instance.
Empty password fields get rejected, as do users who don't exist in LDAP. User info is correct, so I'm confident that foreman is talking to LDAP. Has anyone seen this? An hour of googling hasn't revealed any solution. -- You received this message because you are subscribed to the Google Groups "Foreman users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/foreman-users. For more options, visit https://groups.google.com/d/optout.
