We are no longer offering accounts on this server. Consider https://gitlab.freedesktop.org/ as a place to host projects.

Commit 8d019c03 authored by Craig Andrews's avatar Craig Andrews

Do not allow blank passwords when authenticating against LDAP.

parent 42dd460d
......@@ -144,6 +144,12 @@ class LdapCommon
return false;
if(empty($password)) {
//NET_LDAP2 will do an anonymous bind if bindpw is not set / empty string
//which causes all login attempts that involve a blank password to appear
//to succeed. Which is obviously not good.
return false;
$config = $this->get_ldap_config();
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment