Macmod / godap

A complete TUI for LDAP.
MIT License

Use godap without LDAP credentials? #10

Closed HenrikBengtsson closed 3 months ago

HenrikBengtsson commented 3 months ago

Hello, first-time user here. Is it possible to run godap as a non-privileged user without LDAP credentials? I can query the LDAP server using ldapsearch. However, trying with godap, I get:

$ ./godap myserver
2024/07/25 22:03:37 LDAP Result Code 206 "Empty password not allowed by the client": ldap: empty password not allowed by the client

Looking at https://github.com/Macmod/godap?tab=readme-ov-file#usage, I also tried:

$ godap myserver -p anything
2024/07/25 22:07:27 LDAP Result Code 49 "Invalid Credentials": 

and

$ ./godap myserver -p ""
2024/07/25 22:07:41 LDAP Result Code 206 "Empty password not allowed by the client": ldap: empty password not allowed by the client

The above is with:

$ ./godap version
Godap v2.7.2

Macmod commented 3 months ago

Hi mate,

I haven't seen this scenario yet - in AD it seems to work with the method mentioned in the README. Can you provide some details on what type of LDAP server you're trying to connect to so I can try to replicate it?

HenrikBengtsson commented 3 months ago

Thanks. I've actually got very little info on the LDAP server itself and the version, but it appears to be OpenLDAP. Here's some info, but it's very sparse:

$ ldapsearch -x -h m1 -s base -b "" "objectClass=*"
# extended LDIF
#
# LDAPv3
# base <> with scope baseObject
# filter: objectClass=*
# requesting: ALL
#

#
dn:
objectClass: top
objectClass: OpenLDAProotDSE

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

This is on a Rocky 8 Linux HPC environment.

Macmod commented 3 months ago

I managed to reproduce the issue here.

The thing is, I used to think disallowing empty passwords was a limitation of the go-ldap/ldap package, and since in AD it works without the need of an empty password I never thought of trying to fix that error.

I just found out they have a specific method for that (UnauthenticatedBind) and it seems to work fine with AD / OpenLDAP.

Can you please try the latest commit?

HenrikBengtsson commented 3 months ago

Beautiful - it works. Thanks.

(I leave it to you to close this issue)
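
Added example, not part of the original thread and not godap or go-ldap code: RFC 4513 section 5.1 separates simple binds into anonymous (empty name, empty password), unauthenticated (name set, empty password) and name/password, which is the distinction behind the client-side 206 error and the separate UnauthenticatedBind method discussed above. This Go program classifies a BindRequest from its BER bytes; the three sample packets are constructed, the function names are hypothetical, and only short-form BER lengths are handled.

```go
package main

import (
	"errors"
	"fmt"
)

// Constructed sample LDAPv3 BindRequests (messageID 1), not captured traffic.
var (
	AnonBind     = []byte("\x30\x0c\x02\x01\x01\x60\x07\x02\x01\x03\x04\x00\x80\x00")
	UnauthBind   = []byte("\x30\x10\x02\x01\x01\x60\x0b\x02\x01\x03\x04\x04cn=u\x80\x00")
	PasswordBind = []byte("\x30\x12\x02\x01\x01\x60\x0d\x02\x01\x03\x04\x04cn=u\x80\x02pw")
)

// next pops one short-form BER element from *b; ok is false on malformed input.
func next(b *[]byte) (tag byte, val []byte, ok bool) {
	s := *b
	if len(s) < 2 || s[1] >= 0x80 || len(s) < 2+int(s[1]) {
		return 0, nil, false
	}
	*b = s[2+int(s[1]):]
	return s[0], s[2 : 2+int(s[1])], true
}

// ClassifyBind names the RFC 4513 simple-bind variant carried by a BindRequest.
func ClassifyBind(pkt []byte) (string, error) {
	_, msg, ok1 := next(&pkt)     // LDAPMessage SEQUENCE
	_, _, ok2 := next(&msg)       // messageID
	opTag, op, ok3 := next(&msg)  // protocolOp: 0x60 is BindRequest
	_, _, ok4 := next(&op)        // version
	_, name, ok5 := next(&op)     // bind DN
	authTag, pw, ok6 := next(&op) // 0x80 is the "simple" password choice
	if !(ok1 && ok2 && ok3 && ok4 && ok5 && ok6) || opTag != 0x60 || authTag != 0x80 {
		return "", errors.New("not a well-formed simple BindRequest")
	}
	switch {
	case len(pw) > 0:
		return "name/password", nil
	case len(name) > 0:
		return "unauthenticated", nil // what go-ldap refuses unless asked explicitly
	}
	return "anonymous", nil
}

func main() {
	for _, pkt := range [][]byte{AnonBind, UnauthBind, PasswordBind} {
		fmt.Println(ClassifyBind(pkt))
	}
}
```

RFC 4513 section 5.1.2 says clients should disallow empty passwords in name/password input and servers should by default fail unauthenticated binds with unwillingToPerform, so a directory that accepts the second sample is worth a configuration review.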