The following bug has been logged online: Bug reference: 4877 Logged by: Richard Tector Email address: rich...@tector.org.uk PostgreSQL version: 8.3.7 Operating system: FreeBSD 7.2-RELEASE-p1 Description: LDAP auth allows empty password string Details:
In general the client libraries for PostgreSQL error if an empty password is used. The JDBC drivers do not, and this has uncovered a problem with the server's LDAP authentication code. When authenticating against Active Directory using the method: ldap "ldap://osiris.capl.local/dc=capl,dc=local;CAPL\"; Authentication is successful with both the correct password and an empty password, so long as a valid user is supplied. Using a non-existent username or an incorrect password correctly produces an error and the logon fails. -- Sent via pgsql-bugs mailing list (pgsql-bugs@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-bugs
