[JBoss-dev] [ jboss-Bugs-627405 ] LdapLoginModule accepts empty password

Wed, 23 Oct 2002 04:55:23 -0700 

Bugs item #627405, was opened at 2002-10-23 13:51
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=376685&aid=627405&group_id=22866

Category: None
Group: None
Status: Open
Resolution: None
Priority: 5
Submitted By: Erik Konijnenburg (konijnenburg)
Assigned to: Nobody/Anonymous (nobody)
Summary: LdapLoginModule accepts empty password

Initial Comment:
Hi there,

When i login on my web site (i am using forms) using 
the LdapLoginModule I don't have to supply a password 
to login The LDAP server (netscape directory server 
4.12) seems to allow for anonymous authentication. 
Using the right password authenticates the user, using a 
wrong password (except empty) doesnot.




   <application-policy name = "LDAPRealm">
            <authentication>
               <login-module code 
= "org.jboss.security.auth.spi.LdapLoginModule" flag 
= "required">
                 <module-option 
name="java.naming.factory.initial">com.sun.jndi.ldap.Lda
pCtxFactory</module-option>
                 <module-option 
name="java.naming.provider.url">ldap://NLRTMWS001:3
89/</module-option>
            <module-option 
name="java.naming.security.authentication">simple</mo
dule-option>
                 <module-option 
name="principalDNPrefix">cn=</module-option>
                 <module-option 
name="principalDNSuffix">,cn=basic,cn=Signons,cn=def
ault,cn=Authentication Data,o=sdfsadf,c=NL</module-
option>
              <!--   <module-option 
name="userRolesCtxDNAttributeName">authid</module-
option> -->
            <module-option 
name="uidAttributeID">authbasicsignonlist</module-
option>
            <module-option 
name="roleAttributeID">authuserclasslist</module-
option>
                 <module-option 
name="rolesCtxDN">cn=Users,cn=default,cn=Authentic
ation Data,o=vopakwst,c=nl</module-option>
              <!--   <module-option 
name="hashAlgorithm">SHA-1</module-option> 
            <module-option 
name="hashEncoding">base64</module-option>  -->
              </login-module>
      </authentication>
   </application-policy>

----------------------------------------------------------------------

You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=376685&aid=627405&group_id=22866


-------------------------------------------------------
This sf.net emial is sponsored by: Influence the future 
of Java(TM) technology. Join the Java Community 
Process(SM) (JCP(SM)) program now. 
http://ads.sourceforge.net/cgi-bin/redirect.pl?sunm0002en
_______________________________________________
Jboss-development mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/jboss-development

Reply via email to