diff options
| author | Evan Prodromou <evan@status.net> | 2010-09-22 10:35:29 -0400 |
|---|---|---|
| committer | Evan Prodromou <evan@status.net> | 2010-09-22 10:35:29 -0400 |
| commit | 829a017a5d0104f495cd0b645ecb1f3cdeda25ac (patch) | |
| tree | 43d24753a703abe01c39d8add1d3cf56494b3a9d /plugins | |
| parent | 76788d97902081800355c25d39a2b527bb282ea7 (diff) | |
| parent | 2db8aa3ec3f6804f8f16efe754aafb149f4035c9 (diff) | |
Merge remote branch 'gitorious/1.0.x' into 1.0.x
Diffstat (limited to 'plugins')
| -rw-r--r-- | plugins/LdapCommon/LdapCommon.php | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/plugins/LdapCommon/LdapCommon.php b/plugins/LdapCommon/LdapCommon.php index d583e3085..09ff54bad 100644 --- a/plugins/LdapCommon/LdapCommon.php +++ b/plugins/LdapCommon/LdapCommon.php @@ -144,6 +144,12 @@ class LdapCommon if(!$entry){ return false; }else{ + if(empty($password)) { + //NET_LDAP2 will do an anonymous bind if bindpw is not set / empty string + //which causes all login attempts that involve a blank password to appear + //to succeed. Which is obviously not good. + return false; + } $config = $this->get_ldap_config(); $config['binddn']=$entry->dn(); $config['bindpw']=$password; |