Protect against passwordless auth in ldap

theforeman · Oct 31, 2012 · e4c90a5 · e4c90a5
1 parent 1de1791
commit e4c90a5
Showing 1 changed file with 6 additions and 1 deletion.
diff --git a/lib/ldap_fluff/ldap_fluff.rb b/lib/ldap_fluff/ldap_fluff.rb
@@ -23,7 +23,12 @@ def initialize(config=nil)
   # return true if the user password combination
   # authenticates the user, otherwise false
   def authenticate?(uid, password)
-    @ldap.bind? uid, password
+    if password.nil? || password.empty?
+      # protect against passwordless auth from ldap server
+      return false
+    else
+      @ldap.bind? uid, password
+    end
   end
 
   # return a list[] of groups for a given uid