[Dovecot] LDAP authentication windows 2003
Timo Sirainen
tss at iki.fi
Thu Nov 9 15:05:01 UTC 2006
On Thu, 2006-11-09 at 10:47 +0000, Chris Wakelin wrote:
>
> Matheus Antonio Oliveira wrote:
> > People,
> >
> > Almost resolved, but with "blank password" against a "active directory - ldap -
> > windows 2003 sp1" the user was logged in. See following logs.
> >
> > Good notice: the situation doesn't happen in "active directory - ldap - windows
> > 2000 sp4"
> >
>
> Oh dear - you're right! We're using 2003 Active Directory (but in "2000
> mode") and I can repeat the behaviour with my test rc12 server ...
>
> * OK University of Reading IMAP test ready.
> . LOGIN <username> ""
> . OK Logged in.
Umm.. The auth bind succeeds with the empty password?
So should I just add a check that empty password will always fail if
auth_bind=yes? This prevents having users who don't have a password (eg.
they'd be proxied elsewhere), but I guess it's not that important.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://dovecot.org/pipermail/dovecot/attachments/20061109/8f6b8ef5/attachment.pgp
More information about the dovecot
mailing list