rlidwka / sinopia-ldap

LDAP auth plugin for sinopia

Empty password when talking to ActiveDirectory gets accepted #13

Open jnfingerle opened 9 years ago

jnfingerle commented 9 years ago

When trying to authenticate against an ActiveDirectory LDAP server, logins with an empty password will be accepted. AD thinks of those as anonymous logins (even though a username was provided), but since AD won't return an error, sinopia-ldap accepts those logins as fully validated.

zerok commented 8 years ago

Is there any option other than just rejecting empty passwords here? :(

jnfingerle commented 8 years ago

If it's configurable, I think that's a valid option.

Having said that, you could check for group memberships etc., but I think that's beyond the scope of this package.
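
The configurable rejection discussed in this thread, sketched as an added example that is not part of the issue or of sinopia-ldap's code. The bind function is a constructed stand-in for a directory that behaves as described above, and `allowEmptyPassword`, `authenticateNaive`, `authenticateGuarded` and `run` are hypothetical names.

```javascript
'use strict';

// Constructed stand-in for a directory that behaves as the issue describes:
// a bind with a DN and a zero-length password is treated as an anonymous
// (unauthenticated) bind and reports success. Users and DNs are constructed.
function fakeDirectoryBind(dn, password, callback) {
  const constructedUsers = { 'cn=alice,dc=example,dc=test': 'correct horse' };
  if (password === '') return callback(null); // anonymous bind "succeeds"
  if (constructedUsers[dn] === password) return callback(null);
  return callback(new Error('InvalidCredentials'));
}

// Before: a successful bind is taken as proof that the password was checked.
function authenticateNaive(bind, dn, password, callback) {
  bind(dn, password, (err) => callback(null, !err));
}

// After: an empty password never reaches the server unless the operator has
// opted in. `allowEmptyPassword` is a hypothetical option, off by default.
function authenticateGuarded(bind, dn, password, options, callback) {
  // A missing or non-string password is never a valid credential.
  if (typeof password !== 'string') return callback(null, false);
  const allowEmpty = Boolean(options && options.allowEmptyPassword);
  if (password.length === 0 && !allowEmpty) {
    return callback(null, false); // rejected locally, no bind attempted
  }
  return bind(dn, password, (err) => callback(null, !err));
}

// Collects the result of the synchronous callbacks used in this example.
function run(fn, ...args) {
  let result;
  fn(...args, (err, ok) => { result = ok; });
  return result;
}

const dn = 'cn=alice,dc=example,dc=test';
console.log('naive, empty password:  ', run(authenticateNaive, fakeDirectoryBind, dn, ''));
console.log('guarded, empty password:', run(authenticateGuarded, fakeDirectoryBind, dn, '', {}));
console.log('guarded, right password:', run(authenticateGuarded, fakeDirectoryBind, dn, 'correct horse', {}));
```

The guard runs before any network call, so it holds regardless of how the directory answers an empty-password bind.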