Thread: Re: ldap authentication allows logon with blank password


Re: ldap authentication allows logon with blank password

From
lighthouse.software@gmail.com
Date:
Here is the log output when I try different passwords:

When I enter an incorrect password I get the following:

[unknown] [unknown]  2007-12-05 13:55:29 CST LOG:  connection received: host=111.111.111.111 port=1791
user test_db 111.111.111.111 2007-12-05 13:55:29 CST DEBUG:  received password packet
user test_db 111.111.111.111 2007-12-05 13:55:29 CST LOG:  LDAP login failed for user "DOMAIN\user" on server "pdc": error code 49
user test_db 111.111.111.111 2007-12-05 13:55:29 CST FATAL:  LDAP authentication failed for user "user"
user test_db 111.111.111.111 2007-12-05 13:55:29 CST DEBUG:  proc_exit(1)
user test_db 111.111.111.111 2007-12-05 13:55:29 CST DEBUG:  shmem_exit(1)
user test_db 111.111.111.111 2007-12-05 13:55:29 CST DEBUG:  exit(1)
   2007-12-05 13:55:29 CST DEBUG:  reaping dead processes
   2007-12-05 13:55:29 CST DEBUG:  server process (PID 29417) exited with exit code 1

When I enter a blank password I get:

[unknown] [unknown]  2007-12-05 13:56:53 CST LOG:  connection received: host=111.111.111.111 port=1962
user test_db 111.111.111.111 2007-12-05 13:56:53 CST DEBUG:  received password packet
user test_db 111.111.111.111 2007-12-05 13:56:53 CST LOG:  connection authorized: user=user database=test_db
user test_db 111.111.111.111 2007-12-05 13:56:53 CST DEBUG:  postgres child[29422]: starting with (
user test_db 111.111.111.111 2007-12-05 13:56:53 CST DEBUG:    postgres
user test_db 111.111.111.111 2007-12-05 13:56:53 CST DEBUG:    -v196608
user test_db 111.111.111.111 2007-12-05 13:56:53 CST DEBUG:    -y
user test_db 111.111.111.111 2007-12-05 13:56:53 CST DEBUG:    test_db
user test_db 111.111.111.111 2007-12-05 13:56:53 CST DEBUG:

And when I enter the correct password I get:

[unknown] [unknown]  2007-12-05 13:58:27 CST LOG:  connection received: host=111.111.111.111 port=2152
user test_db 111.111.111.111 2007-12-05 13:58:27 CST DEBUG:  received password packet
user test_db 111.111.111.111 2007-12-05 13:58:27 CST LOG:  connection authorized: user=user database=test_db
user test_db 111.111.111.111 2007-12-05 13:58:27 CST DEBUG:  postgres child[29445]: starting with (
user test_db 111.111.111.111 2007-12-05 13:58:27 CST DEBUG:    postgres
user test_db 111.111.111.111 2007-12-05 13:58:27 CST DEBUG:    -v196608
user test_db 111.111.111.111 2007-12-05 13:58:27 CST DEBUG:    -y
user test_db 111.111.111.111 2007-12-05 13:58:27 CST DEBUG:    test_db
user test_db 111.111.111.111 2007-12-05 13:58:27 CST DEBUG:

The difference is when I connect with the blank password the domain
account gets locked out.

Is there anywhere else I can look to help diagnose the problem?

Re: ldap authentication allows logon with blank password

From
lighthouse.software@gmail.com
Date:
After some investigation into OpenLDAP I discovered a post that
states:

"A bind with a DN but with an empty password is equivalent to an
anonymous bind, while a bind with a DN and with a wrong password is not;"

So could this cause a blank password to allow access to the database,
as the LDAP server is successfully connecting anonymously?
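
The bind semantics quoted above, as an added example that is not part of the original posts or of PostgreSQL's code: a small Python model of an LDAP simple bind, showing why a client that only checks the result code accepts a blank password and how rejecting empty credentials before the bind closes the gap. `ModelDirectory`, `naive_login`, `guarded_login` and the account data are hypothetical names and constructed values; the result codes are the standard LDAP ones (49 is the "error code 49" in the failed-login log).

```python
# Model of LDAP simple-bind outcomes; no network or LDAP library involved.
LDAP_SUCCESS = 0
LDAP_INVALID_CREDENTIALS = 49   # the "error code 49" seen in the failed-login log
LDAP_UNWILLING_TO_PERFORM = 53


class ModelDirectory:
    """Constructed stand-in for an LDAP server (hypothetical, not a real API)."""

    def __init__(self, accounts, allow_unauthenticated=True):
        self.accounts = accounts
        self.allow_unauthenticated = allow_unauthenticated

    def simple_bind(self, dn, password):
        """Return (result_code, authorization_identity)."""
        if password == "":
            # Empty password: anonymous (no DN) or unauthenticated (DN given).
            # Either way the session is anonymous; the DN is never verified.
            if dn and not self.allow_unauthenticated:
                return LDAP_UNWILLING_TO_PERFORM, None
            return LDAP_SUCCESS, "anonymous"
        if self.accounts.get(dn) == password:
            return LDAP_SUCCESS, dn
        return LDAP_INVALID_CREDENTIALS, None


def naive_login(directory, dn, password):
    """Treats any successful bind as proof of identity."""
    code, _ = directory.simple_bind(dn, password)
    return code == LDAP_SUCCESS


def guarded_login(directory, dn, password):
    """Refuses empty credentials before the bind is ever sent."""
    if not dn or not password:
        return False
    code, identity = directory.simple_bind(dn, password)
    return code == LDAP_SUCCESS and identity == dn


ACCOUNTS = {"DOMAIN\\user": "correct-password"}  # constructed sample data
permissive = ModelDirectory(ACCOUNTS)
strict = ModelDirectory(ACCOUNTS, allow_unauthenticated=False)

if __name__ == "__main__":
    for pw in ("wrong", "", "correct-password"):
        print(repr(pw), naive_login(permissive, "DOMAIN\\user", pw),
              guarded_login(permissive, "DOMAIN\\user", pw))
```

The `strict` instance models a directory configured to refuse binds that carry a DN but no password; the client-side check is still needed because the client cannot assume that setting.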