New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Disallow LDAP anonymous bind #1277
Comments
|
@satterly are you in this one referring to a login as: or: The first is not an anonymous bind as the RFC you've linked above states. It is an unauthenticated bind as referred in section 5.1.2 (anonymous in 5.1.1): Thanks in advance for clarification. Cheers, |
|
I was intending to modify Alerta API to reject with 401 any attempt to login using zero-length password which would prevent both of the above scenarios. Is that not the right approach? |
|
I think Cheers, |
|
@satterly Is this incorporated into a release yet? And also, any way I can contact you outside an issue that is open for anyone to read? Cheers, |
https://stackoverflow.com/a/27873735
https://tools.ietf.org/html/rfc4513#section-5.2.1.1
https://tools.ietf.org/html/rfc4513#section-6.3.1
The text was updated successfully, but these errors were encountered: