From 58eee981179e0a954e55b6807879429276239bb5 Mon Sep 17 00:00:00 2001
From: rithu john
Date: Fri, 28 Apr 2017 14:57:10 -0700
Subject: [PATCH] connector/ldap: check for blank passwords and return error.
---
connector/ldap/ldap.go | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/connector/ldap/ldap.go b/connector/ldap/ldap.go
index 01c8f922..ea6e835a 100644
--- a/connector/ldap/ldap.go
+++ b/connector/ldap/ldap.go
@@ -345,6 +345,11 @@ func (c *ldapConnector) userEntry(conn *ldap.Conn, username string) (user ldap.E
 }
 
 func (c *ldapConnector) Login(ctx context.Context, s connector.Scopes, username, password string) (ident connector.Identity, validPass bool, err error) {
+ // make this check to avoid anonymous bind to the LDAP server.
+ if password == "" {
+ return connector.Identity{}, false, nil
+ }
+
 var (
 // We want to return a different error if the user's password is incorrect vs
 // if there was an error.
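Review bot: The comment on the new `password == ""` guard in Login says only "avoid anonymous bind" and does not record why that matters for authentication. A simple bind that carries a user DN and an empty password is what RFC 4513 calls an unauthenticated bind, and a server that accepts it reports success, so without the guard the bind later in Login (outside this hunk) would presumably be read as a correct password for any existing username. I would write the comment as `// Reject empty passwords: many LDAP servers treat a simple bind with a DN and no password as an unauthenticated bind and report success, which must not count as a valid login.` The diffstat shows only ldap.go changed, so a case in the connector's tests asserting that an empty password returns `validPass == false` with a nil error would keep the guard from being dropped in a later refactor. Login's body continues past the end of the hunk.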