Discussion: Re: ldap authentication allows logon with blank password
Here is the log output when I try different passwords:

When I enter an incorrect password I get the following:

[unknown] [unknown] 2007-12-05 13:55:29 CST LOG: connection received: host=111.111.111.111 port=1791
user test_db 111.111.111.111 2007-12-05 13:55:29 CST DEBUG: received password packet
user test_db 111.111.111.111 2007-12-05 13:55:29 CST LOG: LDAP login failed for user "DOMAIN\user" on server "pdc": error code 49
user test_db 111.111.111.111 2007-12-05 13:55:29 CST FATAL: LDAP authentication failed for user "user"
user test_db 111.111.111.111 2007-12-05 13:55:29 CST DEBUG: proc_exit(1)
user test_db 111.111.111.111 2007-12-05 13:55:29 CST DEBUG: shmem_exit(1)
user test_db 111.111.111.111 2007-12-05 13:55:29 CST DEBUG: exit(1)
2007-12-05 13:55:29 CST DEBUG: reaping dead processes
2007-12-05 13:55:29 CST DEBUG: server process (PID 29417) exited with exit code 1

When I enter a blank password I get:

[unknown] [unknown] 2007-12-05 13:56:53 CST LOG: connection received: host=111.111.111.111 port=1962
user test_db 111.111.111.111 2007-12-05 13:56:53 CST DEBUG: received password packet
user test_db 111.111.111.111 2007-12-05 13:56:53 CST LOG: connection authorized: user=user database=test_db
user test_db 111.111.111.111 2007-12-05 13:56:53 CST DEBUG: postgres child[29422]: starting with (
user test_db 111.111.111.111 2007-12-05 13:56:53 CST DEBUG: postgres
user test_db 111.111.111.111 2007-12-05 13:56:53 CST DEBUG: - v196608
user test_db 111.111.111.111 2007-12-05 13:56:53 CST DEBUG: -y
user test_db 111.111.111.111 2007-12-05 13:56:53 CST DEBUG: test_db
user test_db 111.111.111.111 2007-12-05 13:56:53 CST DEBUG:

And when I enter the correct password I get:

[unknown] [unknown] 2007-12-05 13:58:27 CST LOG: connection received: host=111.111.111.111 port=2152
user test_db 111.111.111.111 2007-12-05 13:58:27 CST DEBUG: received password packet
user test_db 111.111.111.111 2007-12-05 13:58:27 CST LOG: connection authorized: user=user database=test_db
user test_db 111.111.111.111 2007-12-05 13:58:27 CST DEBUG: postgres child[29445]: starting with (
user test_db 111.111.111.111 2007-12-05 13:58:27 CST DEBUG: postgres
user test_db 111.111.111.111 2007-12-05 13:58:27 CST DEBUG: - v196608
user test_db 111.111.111.111 2007-12-05 13:58:27 CST DEBUG: -y
user test_db 111.111.111.111 2007-12-05 13:58:27 CST DEBUG: test_db
user test_db 111.111.111.111 2007-12-05 13:58:27 CST DEBUG:

The difference is when I connect with the blank password the domain account gets locked out. Is there anywhere else I can look to help diagnose the problem?
After some investigation into OpenLDAP I discovered a post that states: "A bind with a DN but with an empty password is equivalent to an anonymous bind, while a bind with a DN and with a wrong password is not;" So could this cause a blank password to allow access to the database as the LDAP server is successfully connecting anonymously?
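
The empty-password case raised in this thread, as an added example that is not part of the original messages and is not PostgreSQL's code. It assumes a directory that behaves as the quoted post states; fake_dir_bind, naive_auth, checked_auth and the sample password are hypothetical names and constructed values.

```c
#include <stdio.h>
#include <string.h>

#define DIR_SUCCESS             0
#define DIR_INVALID_CREDENTIALS 49   /* the "error code 49" seen in the log */

/* Signature of a simple-bind call; a wrapper around a real LDAP client
 * library could be plugged in here. Hypothetical type for this example. */
typedef int (*bind_fn)(const char *dn, const char *password);

/* Constructed stand-in for a directory server with the behaviour quoted
 * above: a DN with an empty password is accepted as an anonymous bind. */
static int fake_dir_bind(const char *dn, const char *password)
{
    (void)dn;
    if (password[0] == '\0')
        return DIR_SUCCESS;                 /* anonymous bind succeeds */
    if (strcmp(password, "correct-horse") == 0)
        return DIR_SUCCESS;                 /* constructed valid password */
    return DIR_INVALID_CREDENTIALS;
}

/* Treats any successful bind as proof of identity. */
int naive_auth(bind_fn do_bind, const char *dn, const char *password)
{
    return do_bind(dn, password) == DIR_SUCCESS;
}

/* Refuses missing or empty passwords before contacting the directory, so an
 * anonymous bind can never be mistaken for an authenticated one. */
int checked_auth(bind_fn do_bind, const char *dn, const char *password)
{
    if (dn == NULL || dn[0] == '\0' || password == NULL || password[0] == '\0')
        return 0;
    return do_bind(dn, password) == DIR_SUCCESS;
}

int main(void)
{
    const char *dn = "DOMAIN\\user";
    const char *tries[] = { "wrong", "", "correct-horse" };
    for (size_t i = 0; i < 3; i++)
        printf("password=\"%s\" naive=%d checked=%d\n", tries[i],
               naive_auth(fake_dir_bind, dn, tries[i]),
               checked_auth(fake_dir_bind, dn, tries[i]));
    return 0;
}
```

Because the check runs before the bind, the empty-password attempt never reaches the directory server at all.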