Use simple bind method if LDAP accepts anonymous bind

nginxinc / nginx-ldap-auth

Example of LDAP authentication using ngx_http_auth_request_module

BSD 2-Clause "Simplified" License

683 stars 202 forks source link

Use simple bind method if LDAP accepts anonymous bind #5

Closed DmitriyLyalyuev closed 7 years ago

vl-homutov commented 8 years ago

wouldn't it be just enough to remove default for binddn at line 147? this should results in binding with empty name and password, i.e. anonymous bind, as desired. Currently omitting binddn in configuration leads to 'unauthenticated bind' (cn=anonymous and empty password), which is usually disabled by default (at least in openldap).

DmitriyLyalyuev commented 8 years ago

I tested with cn=anonymous with no password and got this error: Error while binding as search user: {'info': 'unauthenticated bind (DN with no password) disallowed', 'desc': 'Server is unwilling to perform'}, server="ldap://127.0.0.1:389"

Now tested with 'binddn': ('X-Ldap-BindDN', ''), and this working fine.

May be should binddn be set to '' as default?

vl-homutov commented 8 years ago

yes, this is the correct solution.

DmitriyLyalyuev commented 8 years ago

Second commit edit this. Can you apply PR or I should ammend commits with correct thing.

vl-homutov commented 8 years ago

I'll just commit the fix later by myself.

DmitriyLyalyuev commented 8 years ago

Ok. Thanks.