At 08:00 PM 1/8/2006, Max Williams wrote:
>Hi All,
>I have a requirement where I need ldap users with blank passwords to be
>able to authenticate. I understand that a bind with any DN and a blank password
>is treated as an anonymous bind by LDAP and that this is a "feature" of the RFC
>and not OpenLDAP itself, correct?

In the face of a simple bind request with DN and empty password,
LDAP allows the server to either:
        a) return success and treat the client as anonymous
        b) return an error and treat the client as anonymous

slapd(8) does b) by default but can be configured to do a).

There is no way to configure slapd(8) to do:
        c) return success and treat the client as the user
        named by the client-provided DN.

as this behavior is simply not allowed by the protocol.

Kurt 
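
The two permitted outcomes described above, as an added example that is not part of the original message or of OpenLDAP: a small Python model of a server's simple bind, plus an application login check that does not mistake outcome a) for authentication. The function names, the `accept_empty_password` switch, the sample directory entry and the use of unwillingToPerform for outcome b) are assumptions of this model.

```python
import hmac

# RFC 4511 result codes used by this model.
SUCCESS, INVALID_CREDENTIALS, UNWILLING_TO_PERFORM = 0, 49, 53
ANONYMOUS = ""  # an anonymous session carries no authorization identity

# Constructed sample directory: DN -> stored password.
DIRECTORY = {"uid=max,dc=example,dc=com": "s3cret"}


def simple_bind(dn, password, accept_empty_password):
    """Model of a server's simple bind. Returns (result_code, session_identity)."""
    if password == "":
        if dn == "":
            return SUCCESS, ANONYMOUS               # plain anonymous bind
        if accept_empty_password:
            return SUCCESS, ANONYMOUS               # outcome a)
        return UNWILLING_TO_PERFORM, ANONYMOUS      # outcome b), code chosen for the model
    stored = DIRECTORY.get(dn)
    if stored is not None and hmac.compare_digest(stored.encode(), password.encode()):
        return SUCCESS, dn
    return INVALID_CREDENTIALS, ANONYMOUS


def naive_login(dn, password, accept_empty_password):
    """Flawed: equates 'bind returned success' with 'user proved identity'."""
    code, _ = simple_bind(dn, password, accept_empty_password)
    return code == SUCCESS


def checked_login(dn, password, accept_empty_password):
    """Refuse empty input before binding, then require the session to be the DN."""
    if not dn or not password:
        return False
    code, identity = simple_bind(dn, password, accept_empty_password)
    return code == SUCCESS and identity == dn


if __name__ == "__main__":
    user = "uid=max,dc=example,dc=com"
    for accept in (True, False):
        print(accept, naive_login(user, "", accept), checked_login(user, "", accept))
```
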
