LDAP server, PHP, and not allowing null passwords.
My code currently checks password for boolean true (yes, I will exclude some values that might be valid non-null LDAP passwords, such as "0") to avoid allowing blank password logins with LDAP. But is this enough?
Is it possible to create a value that PHP will consider non-null but will be treated as a blank password by LDAP? Perhaps a string with 0x0 (empty C-string) or some other such hackerish monstrosity?
Using ldap_bind().
There are three possibilities covered by the LDAP standard regarding simple BIND operations and one possibility not addressed by the standard:
And lastly, not addressed by the LDAP standard:
What the server does for the first two depends on the configuration of the server, but since no authentication takes place, the BIND operation should be rejected if the server is properly configured.
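One way to make the check from the question explicit on the client side, as an added example that is not part of the original question or answer: it refuses empty values and values containing a NUL byte before `ldap_bind()` is ever called, while still accepting "0". The names `simpleBindRejectReason` and `ldapAuthenticate` are hypothetical, and the sample DNs and passwords are constructed.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not part of ext/ldap): returns null when the credentials
// may be sent in a simple BIND, otherwise the reason they are refused.
function simpleBindRejectReason(string $dn, string $password): ?string
{
    // Strict comparison: "0" is a legitimate password and must not be refused,
    // while '' would turn the request into a bind that authenticates nobody.
    if ($dn === '' || $password === '') {
        return 'empty DN or password';
    }
    // A NUL byte truncates the value in any layer that handles it as a C string,
    // so "\0secret" could arrive as an empty password.
    if (strpos($dn, "\0") !== false || strpos($password, "\0") !== false) {
        return 'NUL byte in DN or password';
    }
    return null;
}

// Hypothetical wrapper: only a bind that carried a real DN and password counts.
function ldapAuthenticate(string $uri, string $dn, string $password): bool
{
    if (simpleBindRejectReason($dn, $password) !== null) {
        return false; // refused locally, nothing is sent to the server
    }
    $conn = ldap_connect($uri);
    if ($conn === false) {
        return false;
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    return @ldap_bind($conn, $dn, $password);
}

// Constructed sample credentials; no directory server is contacted here.
$samples = [
    ['uid=alice,dc=example,dc=org', 'correct horse'],
    ['uid=alice,dc=example,dc=org', '0'],
    ['uid=alice,dc=example,dc=org', ''],
    ['uid=alice,dc=example,dc=org', "\0secret"],
    ['', 'secret'],
];
foreach ($samples as [$dn, $password]) {
    $reason = simpleBindRejectReason($dn, $password);
    printf("%-32s %-18s %s\n", json_encode($dn), json_encode($password), $reason ?? 'ok to bind');
}
```

The first two samples pass the check and the last three are refused; the client-side guard complements, and does not replace, a server configured to reject binds that carry no password.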