Howto Ldap Auth: Difference between revisions
From Pumping Station One
| Line 63: | Line 63: | ||
| ldap field that stores the user's email address | | ldap field that stores the user's email address | ||
| Minimum password length | | Minimum password length | ||
|- | |||
| 1 | | 1 | ||
| AD lets users bind to ldap with 0 length passwords. It's fscked up, but accepted. | | AD lets users bind to ldap with 0 length passwords. It's fscked up, but accepted. | ||
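Review bot: The `|-` row separator that appears on only one side, just before the `1` cell, changes the table markup, so preview the rendered table to confirm that the "Minimum password length" row still lines up with its value and its comment. The comment cell says only that AD accepts binds with 0 length passwords; consider also stating that this is why the value is set to 1, so a reader does not lower it.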
| Line 72: | Line 73: | ||
* Start without the filter field, add it later. | * Start without the filter field, add it later. | ||
* When a service checks a password, it usually attempts to bind to samba as that user. To bind successfully, it needs to bind as user@PS1 | * When a service checks a password, it usually attempts to bind to samba as that user. To bind successfully, it needs to bind as user@PS1 | ||
** Some services apply setting different e.g. as a regex on the user, or as a template setting. | |||
* If you try and bind to ldap with a 0 length password, it "works", sort of. There is no error, but you can't access anything substantial. This is enough to fool services into thinking that the password was correct. | * If you try and bind to ldap with a 0 length password, it "works", sort of. There is no error, but you can't access anything substantial. This is enough to fool services into thinking that the password was correct. | ||
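Review bot: The sub-bullet under the user@PS1 item, "Some services apply setting different e.g. as a regex on the user, or as a template setting.", does not say which setting it refers to and is hard to parse. Suggest something like "Some services apply this setting differently, e.g. as a regex on the user or as a template setting." The 0 length password bullet that follows describes the false success but gives no action; a pointer back to the "Minimum password length" setting would tell readers what to do about it.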