Open danielniccoli opened 11 years ago
From da...@davidjb.com on April 07, 2011 05:55:32
Attempting to bind anonymously with Cherokee 1.2.2 (Ubuntu 10.10, PPA) produces this error for me:
07/04/2011 15:50:45.501 validator_ldap.c:145 - Security problem found in LDAP validation config | LDAP validator: Potential security problem found: anonymous bind validation. Check (RFC 2251, section 4.2.2)
It might be a 'potential' issue, but it's how I'm to interact with the LDAP system I'm to use. Can this be made a warning only or so forth?
From stephane...@gmail.com on September 17, 2011 16:19:00
It seems the anonymous bind is still a critical error on Cherokee 1.2.99. Any plans to make this either a warning only or to fully support anonymous binds in the way Apache does?
The auth will not be anonymous in the end since it's the user credentials that will be used to authenticate to the LDAP server. No cleartext passwords passed over.
Original author: stephane...@gmail.com (June 19, 2010 13:03:50)
What steps will reproduce the problem?
What is the expected output? What do you see instead?
Apache mod_auth_ldap authentication allows the use of user credentials binding and group ownership checking. I would like to be able to configure an equivalent of this in Cherokee:
    AuthBasicProvider ldap
    AuthType Basic
    AuthLDAPGroupAttribute uniqueMember
    AuthLDAPGroupAttributeIsDN on
    AuthLDAPURL "ldap://127.0.0.1/dc=mydomain,dc=net"
    require ldap-group cn=groupname,ou=Roles,dc=mydomain,dc=net
What version of the product are you using? On what operating system? 1.0.2 on Gentoo Linux
Please provide any additional information below.
Original issue: http://code.google.com/p/cherokee/issues/detail?id=913
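Added example, not part of the thread and not Cherokee's or Apache's code: the search-then-bind flow requested above (anonymous bind to locate the user, rebind with the user's credentials, then a `uniqueMember` group check), showing why the zero-length-password case from RFC 2251 section 4.2.2 has to be rejected by the validator. The in-memory directory, its entries and every function name are constructed stand-ins for a real LDAP server and client library.

```python
# Constructed sample directory (assumption, not from the issue): DN -> attributes.
GROUP_DN = "cn=groupname,ou=Roles,dc=mydomain,dc=net"
DIRECTORY = {
    "uid=alice,ou=People,dc=mydomain,dc=net": {"uid": "alice", "userPassword": "s3cret"},
    "uid=bob,ou=People,dc=mydomain,dc=net": {"uid": "bob", "userPassword": "hunter2"},
    GROUP_DN: {"uniqueMember": ["uid=alice,ou=People,dc=mydomain,dc=net"]},
}


def simple_bind(dn, password):
    """Stand-in for an LDAP simple bind.

    Per RFC 2251 section 4.2.2, a zero-length password means "no
    authentication": the bind succeeds, but as anonymous, whatever DN was sent.
    Returns the bound identity, or None when the bind is refused.
    """
    if password == "":
        return "anonymous"
    entry = DIRECTORY.get(dn)
    if entry is not None and entry.get("userPassword") == password:
        return dn
    return None


def find_user_dn(uid):
    """Stand-in for the search done over the anonymous connection."""
    for dn, attrs in DIRECTORY.items():
        if attrs.get("uid") == uid:
            return dn
    return None


def validate(uid, password, group_dn=GROUP_DN, reject_empty=True):
    """Return True only if the user proves their password and is in group_dn."""
    # Guard: an empty password would turn the rebind below into an anonymous
    # bind that "succeeds" without proving anything about the user.
    if reject_empty and not password:
        return False
    if simple_bind("", "") is None:        # anonymous bind, used only to search
        return False
    user_dn = find_user_dn(uid)
    if user_dn is None:
        return False
    if simple_bind(user_dn, password) is None:   # rebind as the user
        return False
    # Group check with DN-valued members (AuthLDAPGroupAttributeIsDN on).
    return user_dn in DIRECTORY[group_dn].get("uniqueMember", [])
```

Passing `reject_empty=False` reproduces the hazard: a validator that treats any successful bind as authentication accepts a group member with an empty password.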