| From: | "Richard Tector" <richard(at)tector(dot)org(dot)uk> |
|---|---|
| To: | pgsql-bugs(at)postgresql(dot)org |
| Subject: | BUG #4877: LDAP auth allows empty password string |
| Date: | 2009-06-24 10:21:13 |
| Message-ID: | 200906241021.n5OALDCR091175@wwwmaster.postgresql.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs |
The following bug has been logged online:
Bug reference: 4877
Logged by: Richard Tector
Email address: richard(at)tector(dot)org(dot)uk
PostgreSQL version: 8.3.7
Operating system: FreeBSD 7.2-RELEASE-p1
Description: LDAP auth allows empty password string
Details:
In general the client libraries for PostgreSQL error if an empty password is
used. The JDBC drivers do not, and this has uncovered a problem with the
server's LDAP authentication code.
When authenticating against Active Directory using the method:
ldap "ldap://osiris.capl.local/dc=capl,dc=local;CAPL\"
Authentication is successful with both the correct password and an empty
password, so long as a valid user is supplied. Using a non-existent username
or an incorrect password correctly produces an error and the logon fails.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Heikki Linnakangas | 2009-06-24 10:38:24 | Re: psql: FATAL: the database system is in recovery mode |
| Previous Message | Brendan Jurd | 2009-06-24 09:38:26 | Re: BUG #4862: different results in to_date() between 8.3.7 & 8.4.RC1 |