directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Stefan Zoerner (JIRA)" <>
Subject [jira] Created: (DIRSERVER-1309) Connecting with null password causes wrong LDAP result code
Date Sun, 08 Feb 2009 21:23:02 GMT
Connecting with null password causes wrong LDAP result code

                 Key: DIRSERVER-1309
             Project: Directory ApacheDS
          Issue Type: Bug
    Affects Versions: 1.5.4
         Environment: Windows XP
Java(TM) SE Runtime Environment (build 1.6.0_10-b33)
ApacheDS 1.5.4
Sun ONE Directory SDK for Java 4.1
            Reporter: Stefan Zoerner
            Priority: Minor
             Fix For: 2.0.0-RC1

If a client tries to bind to the server with password value "null", the bind fails (OK) and
the return code is 53 (LDAP_UNWILLING_TO_PERFORM).

The expected behaviour according to the Open Group is different: 
Either we return error code 48 (LDAP_INAPPROPRIATE_AUTH) or 49 (LDAP_INVALID_CREDENTIALS),
 or we bind successfully, but accepts this as an anonymous client. 

IBM Tivoli Directory Server 6.0 for instance raises an RC 48.
Sun Java System Directory Server 5.2 has chosen option 2 (accepting as anonymous bind).
Please note that it is tricky to reproduce with JNDI. If you set the password in JNDI explicitly
to null, you cause an NPE on the client. I will continue to find a solution here. In the maentime,
find attached a test case with Sun ONE Directory SDK for Java 4.1.

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

View raw message