Topic: eDirectory authentication is successful even without a password (Read 263 times)
wbirchett
Ran into an instance where Novell eDirectory was allowing users into the portal with any password as long as the username was valid. The issue was easily fixed using this document from Novell.

Article #3449660

Situation
LDAP authentication is successful even without a password. When authenticating with LDAP binds, if no password is used, authentication is successful. If an incorrect password is supplied, authentication fails. Using the correct password is successful. This problem does not occur in the ConsoleOne utility, which does not use LDAP binds.
Resolution
This behavior is in accordance with RFC 2251 (LDAP v3).
To disable Anonymous Simple Binds, log in to iManager and do the following:
Select LDAP | LDAP Options | View LDAP Servers | Select your LDAP server | select the "connections tab" | Scroll down to "Restrictions" and set the "Bind Restrictions" to "Disallow anonymous simple bind".
Once this setting is made and applied, Anonymous Simple binds will return "Inappropriate authentication (48) additional info: Anonymous Simple Bind Disabled."
Additional Information
An LDAP bind in which a username is provided, but not a password, is treated as an "anonymous" bind. Whatever rights the "Public" entity in eDirectory has, the same will be available to an anonymous bind. Therefore, even without a password, access may be granted based on "Public".
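The bind forms described in the article can be told apart on the wire. The following is an added example, not part of the original post or the Novell article: it parses a raw LDAPv3 BindRequest and labels it with the RFC 4513 names for simple binds (anonymous, unauthenticated, name/password), which is useful when reviewing captured traffic for clients that send a DN with an empty password. The function names and the sample DN are hypothetical, and the sample messages are constructed.

```python
# BER tags used: 0x30 SEQUENCE, 0x02 INTEGER, 0x04 OCTET STRING,
# 0x60 BindRequest [APPLICATION 0], 0x80 simple [0] credentials.

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for one definite-length BER element."""
    if pos + 2 > len(buf):
        raise ValueError("truncated element header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long form: low 7 bits = count of length octets
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("indefinite or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated element value")
    return tag, buf[pos:pos + length], pos + length

def classify_bind(message):
    """Classify one LDAPMessage by the kind of bind it carries."""
    tag, body, _ = read_tlv(message, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage SEQUENCE")
    _, _msg_id, pos = read_tlv(body, 0)
    tag, op, _ = read_tlv(body, pos)
    if tag != 0x60:
        return "not-a-bind"
    _, _version, pos = read_tlv(op, 0)
    _, name, pos = read_tlv(op, pos)
    tag, credentials, _ = read_tlv(op, pos)
    if tag != 0x80:
        return "sasl-or-other"
    if credentials:
        return "name/password"
    # Empty password: a DN with no password is the bind the article describes.
    return "unauthenticated" if name else "anonymous"

def tlv(tag, value):
    """Encode a short (< 128 byte) BER element; used only to build the samples."""
    return bytes([tag, len(value)]) + value

def sample_bind(dn, password):
    """Constructed sample: messageID 1, version 3, simple bind."""
    op = tlv(0x02, b"\x03") + tlv(0x04, dn) + tlv(0x80, password)
    return tlv(0x30, tlv(0x02, b"\x01") + tlv(0x60, op))

if __name__ == "__main__":
    for dn, pw in ((b"", b""), (b"cn=jdoe,o=example", b""), (b"cn=jdoe,o=example", b"pw")):
        print(dn or b"<empty>", classify_bind(sample_bind(dn, pw)))
```

A message classified as "unauthenticated" is the one that the "Disallow anonymous simple bind" restriction is meant to reject.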