Open jnfingerle opened 9 years ago
Is there any option other than just rejecting empty passwords here? :(
If it's configurable, I think that's a valid option.
Having said that, you could check for group memberships etc, but I think that's beyond the scope of this package.
When trying to authenticate against an ActiveDirectory LDAP server, logins with an empty password will be accepted. AD thinks of those as anonymous logins (even though a username was provided), but since AD won't return an error sinopia-ldap accepts those logins as fully validated.