First time here? Check out the FAQ!
Ask Your Question

Revision history  [back]

Revision 3
Samuel's avatar
425
Samuel
updated 2011-05-31 08:17:19 -0600

ldap connection authorized if the password not filled even for an unknown user

When the ldap is activated and well configured :

  1. if the username does not exist in the ldap database and the the password is not filled, the connection is allowed by askbot

  2. if the username exists and no password is filled, the connection is also allowed.

  3. if the username exists and the password is filled and wrong, then the connection is refused (ldap error : invalid credentials

  4. if the username exists and the password is well filled, the the connection is accepted.

It seems to be that ldap-python simple_bind_s method does not raised an exception included in ldap.LDAPError for the first two cases. I have just added a trace to confirm that in the fourth cases the method is called. The ldap-python doc does not give more details. I will try to investigate further next week. If you have any idea, let me know, I have a full test environment to investigate.

Revision 2
Samuel's avatar
425
Samuel
updated 2011-05-26 07:26:12 -0600

ldap connection authorized if the username does not exist or password not filled even for an unknown userempty

When the ldap is activated and well configured :

  1. if the username does not exist in the ldap database and the the password is not filled, database, the connection is allowed by askbot

  2. if the username exists and no password is filled, the connection is also allowed.

  3. if the username exists and amd the password is filled and wrong, then the connection is refused (ldap error : invalid credentials

  4. if the username exists and the password is well filled, the the connection is accepted.

It seems to be that ldap-python simple_bind_s method does not raised an exception included in ldap.LDAPError for the first two cases. I have just added a trace to confirm that in the fourth cases the method is called. The ldap-python doc does not give more details. I will try to investigate further next week. If you have any idea, let me know, I have a full test environment to investigate.

Revision 1
Samuel's avatar
425
Samuel
asked 2011-05-26 07:25:10 -0600

ldap connection authorized if username does not exist or password empty

When the ldap is activated and well configured :

  1. : 1) if the username does not exist in the ldap database, the connection is allowed by askbot

  2. askbot 2) if the username exists and no password is filled, the connection is also allowed.

  3. allowed. 3) if the username exists amd the password is filled and wrong, then the connection is refused (ldap error : invalid credentials

  4. credentials) 4) if the username exists and the password is well filled, the the connection is accepted.

It seems to be that ldap-python simple_bind_s method does not raised an exception included in ldap.LDAPError for the first two cases. I have just added a trace to confirm that in the fourth cases the method is called. The ldap-python doc does not give more details. I will try to investigate further next week. If you have any idea, let me know, I have a full test environment to investigate.