Doesn't allow anonymous user lookup

Junyor - August 2, 2007 - 19:32
Project: LDAP integration
Version: 5.x-1.3
Component: Code
Category: bug report
Priority: critical
Assigned: kreaper
Status: closed
Description

It seems that the code doesn't allow anonymous user lookup. In _ldap_user_lookup:

  // If there is no BINDDN and BINDPW -- the connect will be an anonymous connect
  $ldap->connect($dn, $pass);

which calls:

function connect($dn = '', $pass = '') {
  $ret = FALSE;

  // Do not attempt to connect with empty DN and pass... this usually
  // is the result of misconfiguration in a helper module like ldapdata,
  // where it is querying a non-existant server config.
  if (!$dn) {
    watchdog('LDAP Error','an LDAP module tried to connect with blank credentials.'
      . '  Please check your LDAP modules and make sure ldapdata and any other '
      . ' LDAP modules are using a valid server configuration name.', WATCHDOG_ERROR);
    return $ret;
  }

So, it stops a blank DN, which would be used for anonymous user lookup.

I was unable to log in until I commented out the above check for $dn.

#1

kreaper - August 23, 2007 - 00:04
Assigned to: Anonymous » kreaper
Status: active » fixed

Junyor

You are correct. LDAP servers do allow for anonymous connections and, as such, we should honor that as well. It crept in during the early stages of module development from an old branch (a botched CVS update is to blame).

Fixed and committed to HEAD

#2

kreaper - August 23, 2007 - 01:20
Version: HEAD » 5.x-1.3
Status: fixed » closed

fix made available in 5.x-1.3
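
The two cases this thread distinguishes, an intended anonymous bind and a blank DN caused by a missing server configuration, as an added example that is not the LDAP integration module's code. The function names and the `$allow_anonymous` setting are assumptions; the example also rejects a DN sent with an empty password, which goes beyond the check quoted above.

```php
<?php
// Added example; classify_bind(), guarded_bind() and $allow_anonymous are
// hypothetical names, not part of the LDAP integration module.

// Decide how a bind request should be handled before it reaches the server.
function classify_bind($dn, $pass, $allow_anonymous) {
  $dn = trim((string) $dn);
  $pass = (string) $pass;
  if ($dn === '' && $pass === '') {
    // Anonymous bind: allowed only when the server configuration asks for
    // it, so a lookup against a missing configuration is still caught.
    return $allow_anonymous ? 'anonymous' : 'reject';
  }
  if ($dn === '' || $pass === '') {
    // Exactly one value is empty. A DN with an empty password is an
    // "unauthenticated bind" (RFC 4513, section 5.1.2): a server that accepts
    // it reports success but grants only anonymous authorization, so it must
    // never count as a login.
    return 'reject';
  }
  return 'simple';
}

// Bind on an existing ldap_connect() handle; TRUE only for an accepted bind.
function guarded_bind($link, $dn, $pass, $allow_anonymous) {
  switch (classify_bind($dn, $pass, $allow_anonymous)) {
    case 'anonymous':
      return @ldap_bind($link);
    case 'simple':
      return @ldap_bind($link, $dn, $pass);
    default:
      return FALSE;
  }
}

// Constructed sample inputs: array(dn, password, allow_anonymous).
$cases = array(
  array('', '', TRUE),
  array('', '', FALSE),
  array('uid=jdoe,ou=people,dc=example,dc=org', '', TRUE),
  array('uid=jdoe,ou=people,dc=example,dc=org', 'constructed-password', FALSE),
);
foreach ($cases as $c) {
  printf("%s => %s\n", json_encode($c), classify_bind($c[0], $c[1], $c[2]));
}
```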
