Merge pull request #7 from rithujohn191/ldap-password-check

connector/ldap: check for blank passwords and return error.
2017-05-01 17:06:55 -07:00 · 2017-05-01 17:06:55 -07:00 · 10253725de
parent 65318da86e 58eee98117
commit 10253725de
1 changed files with 5 additions and 0 deletions
--- a/connector/ldap/ldap.go
+++ b/connector/ldap/ldap.go
@ -345,6 +345,11 @@ func (c *ldapConnector) userEntry(conn *ldap.Conn, username string) (user ldap.E
 }

 func (c *ldapConnector) Login(ctx context.Context, s connector.Scopes, username, password string) (ident connector.Identity, validPass bool, err error) {
+	// make this check to avoid anonymous bind to the LDAP server.
+	if password == "" {
+		return connector.Identity{}, false, nil
+	}
+
 	var (
 		// We want to return a different error if the user's password is incorrect vs
 		// if there was an error.