AD(LDAP) Authentication, bind with no password.

Solution Verified - Updated -

Issue

  • The user has JBoss Fuse configured to authenticate against LDAP (Active Directory).
  • While testing logging of login failures, the user discovered that, when prompted for a password, the user was authenticated when providing NO password.
  • When the user provided a bad password, login failed.
  • The user did some interactive testing with AD, and it converts a bind request to anonymous when NO password is required. The user has not read the RFC, but other reading the user has done indicates that this is in fact correct LDAP behavior.
  • This means that Fuse must BLOCK login attempts with blank passwords.
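
The behaviour described above, and the check that blocks it, as an added example that is not part of the original article and is not Fuse's own code. It assumes a constructed in-memory stand-in for the directory (`FakeDirectory`, with a hypothetical DN and password) that, like the AD server in the report, treats a simple bind with an empty password as an anonymous bind (the "unauthenticated" simple bind of RFC 4513).

```python
# Constructed sample directory: DN -> password (hypothetical values).
DIRECTORY = {"CN=alice,OU=Users,DC=example,DC=com": "correct horse"}


class FakeDirectory:
    """Offline model of a server that accepts a simple bind with an empty
    password as an anonymous bind instead of rejecting it."""

    def simple_bind(self, dn, password):
        if password == "":
            return "anonymous"      # bind succeeds but proves nothing about dn
        if DIRECTORY.get(dn) == password:
            return dn               # bind succeeds as the named user
        raise PermissionError("invalid credentials")


def naive_login(server, dn, password):
    """Treats any successful bind as proof of identity (the reported behaviour)."""
    try:
        server.simple_bind(dn, password)
        return True
    except PermissionError:
        return False


def guarded_login(server, dn, password):
    """Rejects a blank DN or password before any bind is sent, and accepts
    only a bind whose resulting identity is the DN that was requested."""
    if not dn or not password:      # None or "" never reaches the server
        return False
    try:
        return server.simple_bind(dn, password) == dn
    except PermissionError:
        return False


def compare(server, dn):
    """Returns {case: (naive_result, guarded_result)} for three passwords."""
    cases = [("blank", ""), ("wrong", "nope"), ("right", "correct horse")]
    return {label: (naive_login(server, dn, pw), guarded_login(server, dn, pw))
            for label, pw in cases}


if __name__ == "__main__":
    for case, result in compare(FakeDirectory(), next(iter(DIRECTORY))).items():
        print(case, result)
```

The guard does not strip whitespace: a password made only of spaces is non-empty on the wire, so the server performs a real credential check on it.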

Environment

  • Red Hat JBoss Fuse
    • 6.1.0
