On Jan 11, 2006, at 6:35 PM, Quanah Gibson-Mount wrote:
--On Wednesday, January 11, 2006 9:20 PM +0000 Peter Walsham
<[EMAIL PROTECTED]> wrote:
Chris, thanks for your reply.
To put this another way, with Net::LDAP how do you do a simple
bind with a DN and an empty password?
Amazing to see this exact same question show up here that was on
the OpenLDAP-software list just a little while ago.
------------------------------------
Kurt wrote a very simple response to this general question, which is:
In face of a simple bind request with DN and empty password,
LDAP allows the server to either:
a) return success and treat the client as anonymous
b) return an error and treat the client as anonymous
slapd(8) does b) by default but can be configured to do a).
Right. This is also why with Net::LDAP you have to be specific when
you want an anonymous bind but passing noauth => 1
Internally this causes a simple bind with an empty password, but
passing password => '' will return an error so people don't get
authorized as anonymous by mistake because a bug in thier code caused
an empty password to be sent.
Graham.
