> On Thu, Apr 10, 2025 at 09:06:34PM +0100, Jeremy Harris via Exim-users wrote:
> > On 2025/04/10 8:19 PM, Johnnie W Adams via Exim-users wrote:
> > > 14:16:37 121712 re-binding with user= password=foo
> > >
> > > 14:16:37 121712 Bind succeeded: ldapauth returns OK
> >
> > OK, I see two possible problems here.
> >
> > - The exim ldapauth condition returned true for "user= password=foo".
> >   Is that combination really supposed to be valid?
> >   What did LDAP think of the transaction?

Based on a quick skim of the LDAP RFCs (especially RFC 4513 section 5.1), this combination isn't covered in the standard, which describes only blank user and password, non-blank user and blank password, and non-blank both. I'm also not sure if the standard requires the LDAP server to reject a request with blank user and non-blank password.

> Obviously LDAP server (192.168.28.66, Microsoft's DC) returns identical
> answers in both cases, for empty and non-empty users.

If this isn't covered in the standards, Microsoft's DC may be opting to treat this as an anonymous bind (user and password both blank) and allowing it on that basis (if it allows anonymous binds in general).

	- cks
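
The four user/password combinations discussed in this message, as an added example that is not part of the original post and is not Exim code: it classifies each bind and scans debug output of the shape quoted in the thread for binds that succeeded without both a non-blank user and a non-blank password. The function names, the DNs, and every sample line other than the two for pid 121712 are constructed for illustration.

```python
import re
from enum import Enum


class BindKind(Enum):
    ANONYMOUS = "blank user, blank password"
    UNAUTHENTICATED = "non-blank user, blank password"
    NAME_PASSWORD = "non-blank user, non-blank password"
    UNCOVERED = "blank user, non-blank password"  # the case raised in the thread


def classify_bind(user, password):
    """Map a simple-bind user/password pair onto the cases named in the thread."""
    if user and password:
        return BindKind.NAME_PASSWORD
    if user:
        return BindKind.UNAUTHENTICATED
    if password:
        return BindKind.UNCOVERED
    return BindKind.ANONYMOUS


# Line shapes copied from the two debug lines quoted in the thread.
BIND_RE = re.compile(r"^\S+\s+(?P<pid>\d+)\s+re-binding with "
                     r"user=(?P<user>.*?) password=(?P<password>.*)$")
OK_RE = re.compile(r"^\S+\s+(?P<pid>\d+)\s+Bind succeeded: ldapauth returns OK$")


def suspicious_binds(lines):
    """Return (pid, kind) for each successful bind that was not name/password."""
    pending, findings = {}, []
    for raw in lines:
        line = raw.strip()
        m = BIND_RE.match(line)
        if m:
            # Remember the most recent bind attempt per process id.
            pending[m["pid"]] = classify_bind(m["user"], m["password"])
            continue
        m = OK_RE.match(line)
        if m:
            kind = pending.pop(m["pid"], None)
            if kind is not None and kind is not BindKind.NAME_PASSWORD:
                findings.append((m["pid"], kind))
    return findings


# Constructed sample; only the pid 121712 lines come from the thread.
SAMPLE = """\
14:16:30 121700 re-binding with user=cn=alice,dc=example,dc=test password=s3cret
14:16:30 121700 Bind succeeded: ldapauth returns OK
14:16:37 121712 re-binding with user= password=foo
14:16:37 121712 Bind succeeded: ldapauth returns OK
14:16:40 121720 re-binding with user=cn=bob,dc=example,dc=test password=
14:16:40 121720 Bind succeeded: ldapauth returns OK
""".splitlines()
```

The same `classify_bind` result can be checked before a bind is attempted, so that only `NAME_PASSWORD` requests ever reach the directory server.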