On 2015-12-08 16:22, Emmanuel Lécharny wrote:
On 08/12/15 15:48, M. P. wrote:


Hope you can explain that to your application developers...

I started to explain to them that it should not be done the way it is
done now. I can provide them a newer version of the directory, more
secure, but like I said before, they use this behaviour/issue
currently and if I want to migrate to a newer version, I have to
provide them some compatibility possibility while this is being fixed in
the app.

This is the reason I ask here. Maybe ApacheDS was working like this
before, maybe this is a bug, I don't know what else ...

My personal bet: it was a bug in 1.5.7


When searching for an explanation, I saw that there are interceptors
in ApacheDS and as a supposition, maybe playing with them allows
ApacheDS to accept these bindings.

That's a possibility. Have they added an interceptor, or a specific
authenticator? Adding an authenticator that accepts such broken
passwords is a solution that would work.

I don't know. The team currently working on these apps doesn't know either. The guys that worked on that are not there any more. I have to check that later.
--
------------

M. P.
