Novell is now a part of Micro Focus

My Favorites

Close

Please to see your favorites.

LDAP authentication is successful even without a password

This document (3449660) is provided subject to the disclaimer at the end of this document.

Environment

Novell NetWare 6.5
Novell eDirectory 8.7.3 for all platforms

Situation

LDAP authentication is successful even without a password.
When authenticating with LDAP binds, if no password is used authentication is successful.
If an incorrect password is supplied, authentication fails.
Using the correct password is successful.
This problem does not occur in the ConsoleOne utility, which does not use LDAP binds.

Resolution

This behavior is in accordance to RFC 2251 (LDAP v3).

To disable Anonymous Simple Binds, login to iManager and do the following:

Select LDAP | LDAP Optoins | View LDAP Servers | Select your LDAP server | select the "connections tab" | Scroll down to"Restrictions" and set the "Bind Restrictions" to "Disallow anonymous simple bind".

Once this setting is made and applied, Anonymous Simple binds will return "Inappropriate authentication (48) additional info: Anonymous Simple Bind Disabled."

Additional Information

An LDAP bind in which a username is provided, but not a password, is treated as an "anonymous" bind. Whatever rights the "Public" entity in eDirectory has, the same will be available to an anonymous bind. Therefore, even without a password, access may be granted based on "Public".

Formerly known as TID# 10057574

Disclaimer

This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:3449660
  • Creation Date:21-JUN-07
  • Modified Date:29-MAY-12
    • NovellNetWare

Did this document solve your problem? Provide Feedback