When server is using LDAP authentication and you type a valid user and keep password empty access is granted. It is because LDAP simple authentication allow one method called UNAUTHENTICATED described here https://tools.ietf.org/html/rfc4513#section-5.1.2 .
Normally login interfaces require non empty password but HTTP basic auth does not. The PR add a flag to force non empty password even if LDAP server allow unauthenticated login.
If it is false or not informed authentication behavior does not change.
When server is using LDAP authentication and you type a valid user and keep password empty access is granted. It is because LDAP simple authentication allow one method called UNAUTHENTICATED described here https://tools.ietf.org/html/rfc4513#section-5.1.2 .
Normally login interfaces require non empty password but HTTP basic auth does not. The PR add a flag to force non empty password even if LDAP server allow unauthenticated login.
If it is false or not informed authentication behavior does not change.