You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
It seems there is issue with LDAP binding to AD. The base library used here is not the same, but problem seems to be the same as described in here: go-ldap/ldap#93
Authenticate method could verify the password length and not even try binding if password is empty and return error message. Probably should be configurable if it might be necessary to use such functionality.
At least notification should be added for the function in docs to be aware of this as a possible user password authentication flaw. For me was quite a surprise to get logged in when I accidentally left my password empty.
The topic is quite explanatory.
It seems there is issue with LDAP binding to AD. The base library used here is not the same, but problem seems to be the same as described in here: go-ldap/ldap#93
Authenticate method could verify the password length and not even try binding if password is empty and return error message. Probably should be configurable if it might be necessary to use such functionality.
At least notification should be added for the function in docs to be aware of this as a possible user password authentication flaw. For me was quite a surprise to get logged in when I accidentally left my password empty.
edit: seems it is duplicate of #16 and #11
The text was updated successfully, but these errors were encountered: