Bind with a DN and an empty password is a valid LDAP operation per the
LDAP v3 specifications (RFC 2251) and results in the user being
identified but not authenticated and not authorized...
The result is that the bind is successful but the connection is treated
as an anonymous operation.
Note that this behavior is now discouraged in RFC 4513 and Directory
Server 6 has a configuration parameter to accept or reject these requests.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment