AD(LDAP) Authentication, bind with no password.
Issue
- The user has JBoss Fuse configured to authenticate against LDAP (Active Directory).
- While testing logging for login failures, the user discovered that, when prompted for a password, they were authenticated when providing NO password.
- When the user provided a bad password, the login fails.
- The user did some interactive testing with AD, and it converts a bind request to anonymous when NO password is required. The user has not read the RFC, but other reading the user has done indicates that this is in fact correct LDAP behavior.
- This means that Fuse must BLOCK login attempts with blank passwords.
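
The behavior above matches RFC 4513 section 5.1, where a simple bind with an empty password is either anonymous or "unauthenticated" and proves nothing about the caller. The following is an added example, not Red Hat's or Fuse's code: the class `BlankPasswordGuard`, its methods, the stand-in directory, and the sample DN and passwords are all hypothetical and constructed to show the check running before any bind is sent.

```java
import java.util.Map;
import java.util.function.BiPredicate;

/** Added example: classify an LDAP simple bind before it is sent, and refuse
 *  the empty-password case instead of letting the directory decide. */
public class BlankPasswordGuard {

    enum BindKind { ANONYMOUS, UNAUTHENTICATED, NAME_PASSWORD }

    // RFC 4513 section 5.1: an empty password makes a simple bind anonymous
    // (no name) or "unauthenticated" (name present); neither proves identity.
    static BindKind classify(String dn, char[] password) {
        boolean noPassword = password == null || password.length == 0;
        boolean noName = dn == null || dn.isEmpty();
        if (noPassword) {
            return noName ? BindKind.ANONYMOUS : BindKind.UNAUTHENTICATED;
        }
        return BindKind.NAME_PASSWORD;
    }

    // Only a name/password bind may count as a login; everything else is
    // rejected locally and never reaches the directory.
    static boolean login(String dn, char[] password, BiPredicate<String, char[]> bind) {
        if (classify(dn, password) != BindKind.NAME_PASSWORD) {
            return false;
        }
        return bind.test(dn, password);
    }

    public static void main(String[] args) {
        // Constructed stand-in for the directory: an empty password is
        // treated as an anonymous bind and succeeds, as the page describes.
        Map<String, String> users = Map.of("cn=alice,dc=example,dc=com", "s3cret");
        BiPredicate<String, char[]> directory = (dn, pw) ->
            pw.length == 0 || new String(pw).equals(users.get(dn));

        String dn = "cn=alice,dc=example,dc=com";
        String[] attempts = { "", "wrong", "s3cret" };
        for (String attempt : attempts) {
            char[] pw = attempt.toCharArray();
            System.out.printf("password=%-8s kind=%-15s unguarded=%-5b guarded=%b%n",
                "'" + attempt + "'", classify(dn, pw),
                directory.test(dn, pw), login(dn, pw, directory));
        }
    }
}
```

Rejected attempts should still be written to the login-failure log, since a blank-password attempt against a named account is worth seeing in review.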
Environment
- Red Hat JBoss Fuse
- 6.1.0
