LDAP authentication is successful even without a password

  • 3449660
  • 21-Jun-2007
  • 29-May-2012

Environment

Novell NetWare 6.5
Novell eDirectory 8.7.3 for all platforms

Situation

LDAP authentication is successful even without a password.
When authenticating with LDAP binds, if no password is used authentication is successful.
If an incorrect password is supplied, authentication fails.
Using the correct password is successful.
This problem does not occur in the ConsoleOne utility, which does not use LDAP binds.

Resolution

This behavior is in accordance to RFC 2251 (LDAP v3).

To disable Anonymous Simple Binds, login to iManager and do the following:

Select LDAP | LDAP Optoins | View LDAP Servers | Select your LDAP server | select the "connections tab" | Scroll down to"Restrictions" and set the "Bind Restrictions" to "Disallow anonymous simple bind".

Once this setting is made and applied, Anonymous Simple binds will return "Inappropriate authentication (48) additional info: Anonymous Simple Bind Disabled."

Additional Information

An LDAP bind in which a username is provided, but not a password, is treated as an "anonymous" bind. Whatever rights the "Public" entity in eDirectory has, the same will be available to an anonymous bind. Therefore, even without a password, access may be granted based on "Public".

Formerly known as TID# 10057574