Home > mailing lists

BUG #4877: LDAP auth allows empty password string - Mailing list pgsql-bugs

From	Richard Tector
Subject	BUG #4877: LDAP auth allows empty password string
Date	June 24, 2009 11:36:44
Msg-id	200906241021.n5OALDCR091175@wwwmaster.postgresql.org Whole thread Raw
Responses	Re: BUG #4877: LDAP auth allows empty password string
List	pgsql-bugs

Tree view

The following bug has been logged online:

Bug reference:      4877
Logged by:          Richard Tector
Email address:      richard@tector.org.uk
PostgreSQL version: 8.3.7
Operating system:   FreeBSD 7.2-RELEASE-p1
Description:        LDAP auth allows empty password string
Details:

In general the client libraries for PostgreSQL error if an empty password is
used. The JDBC drivers do not, and this has uncovered a problem with the
server's LDAP authentication code.

When authenticating against Active Directory using the method:
ldap "ldap://osiris.capl.local/dc=capl,dc=local;CAPL\"
Authentication is successful with both the correct password and an empty
password, so long as a valid user is supplied. Using a non-existent username
or an incorrect password correctly produces an error and the logon fails.

pgsql-bugs by date:

From: Heikki Linnakangas
Date: 24 June 2009, 11:03:16
Subject: Re: psql: FATAL: the database system is in recovery mode

From: Magnus Hagander
Date: 24 June 2009, 11:45:11
Subject: Re: BUG #4877: LDAP auth allows empty password string

BUG #4877: LDAP auth allows empty password string - Mailing list pgsql-bugs

Previous

Next