LDAPv3 specifications have introduced an unintuitive feature with regard to authentication: the unauthenticated bind.
When an LDAP application provides a DN but no password, the Bind request is successful, BUT the user is not authenticated and has the same access rights as an Anonymous user.
Note that DS 6.0 now has a configuration parameter to disable unauthenticated Binds, and remove this unconventional authentication "feature" of LDAPv3.
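The risk for applications is treating a successful Bind as proof of identity. The following added example (not from the original post, and not any directory server's code) models the bind behaviour described above in a toy `simple_bind` function and contrasts a flawed login check with a guarded one; the function names, the `allow_unauthenticated` switch and the sample user are assumptions made for illustration.

```python
# Added illustration: toy model of LDAPv3 simple bind, not a real LDAP client.
from dataclasses import dataclass

# Constructed sample directory (DN -> password); values are made up.
SAMPLE_USERS = {"uid=alice,ou=people,dc=example,dc=com": "correct horse"}


@dataclass
class BindResult:
    success: bool
    authz_identity: str  # identity the connection acts as; "" means anonymous


def simple_bind(dn: str, password: str, allow_unauthenticated: bool = True) -> BindResult:
    """Model of a server handling a simple Bind request.

    allow_unauthenticated=False models a server configured to reject
    unauthenticated binds (hypothetical switch standing in for the
    DS 6.0 parameter the post mentions).
    """
    if password == "":
        if dn == "":
            return BindResult(True, "")   # anonymous bind
        if allow_unauthenticated:
            return BindResult(True, "")   # unauthenticated bind: success, yet anonymous
        return BindResult(False, "")      # server refuses a DN without a password
    if SAMPLE_USERS.get(dn) == password:
        return BindResult(True, dn)       # real name/password authentication
    return BindResult(False, "")


def naive_login(dn: str, password: str, **server_opts) -> bool:
    """Flawed pattern: any successful bind is taken as proof of identity."""
    return simple_bind(dn, password, **server_opts).success


def safe_login(dn: str, password: str, **server_opts) -> bool:
    """Reject empty credentials before binding, then check the bound identity."""
    if not dn or not password:
        return False
    result = simple_bind(dn, password, **server_opts)
    return result.success and result.authz_identity == dn
```

With a real directory the bound identity may come back in normalized form, so the final comparison would need DN normalization rather than plain string equality.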