Logging in with no password succeeds

etyp / meteor-accounts-ldap

A Meteor package for logging in and creating users with LDAP credentials

MIT License

39 stars 23 forks source link

Logging in with no password succeeds #10

Closed fletchgqc closed 8 years ago

fletchgqc commented 9 years ago

I'm using this code:

Meteor.loginWithLDAP(username, password,
    { dn: username + '@banana.org' },
    function(err) {
        if (err) {
            console.log(err);
            FlashMessages.sendError("Login failed");
            event.target.password.value = "";
        } else {
            console.log("Login succeeded");
        }
    }
);

Authentication with user/password succeeds and fails as expected, except that when I leave the password empty, login succeeds. Why is this?

darrenangle commented 9 years ago

doomdance commented 8 years ago

I'm also experiencing this but it looks like it may be specific to the AD set up as mentioned in this ldapjs issue: https://github.com/mcavage/node-ldapjs/issues/191

fletchgqc commented 8 years ago

Thanks doomdance. I think you are right. I think logging at least an info message with a link to the RFC would be the best behaviour of the module. Anyway, I'll check for empty password manually.