authorMickaël Rémond <mickael.remond@process-one.net>2007-02-19 13:27:18 +0000
committerMickaël Rémond <mickael.remond@process-one.net>2007-02-19 13:27:18 +0000
commit90488e5f37c88b52bae9dd3f42b6dacae108b9ca (patch)
tree436a92b7659dc30464f1e240d305319f51dd4106 /src
parent* src/cyrsasl_plain.erl: bad-auth error code replaced by not-authorized (diff)
* src/ejabberd_auth_ldap.erl: prevent anonymous bind on LDAP servers
as ejabberd is providing other anonymous authentication mechanism (EJAB-190). SVN Revision: 731
Diffstat (limited to 'src')
-rw-r--r--src/ejabberd_auth_ldap.erl15
1 files changed, 10 insertions, 5 deletions
diff --git a/src/ejabberd_auth_ldap.erl b/src/ejabberd_auth_ldap.erl
index baebe1523..5fcd44c3b 100644
--- a/src/ejabberd_auth_ldap.erl
+++ b/src/ejabberd_auth_ldap.erl
@@ -120,11 +120,16 @@ plain_password_required() ->
true.
check_password(User, Server, Password) ->
- case catch check_password_ldap(User, Server, Password) of
- {'EXIT', _} ->
- false;
- Result ->
- Result
+ %% In LDAP spec: empty password means anonymous authentication.
+ %% As ejabberd is providing other anonymous authentication mechanisms
+ %% we simply prevent the use of LDAP anonymous authentication.
+ if Password == "" ->
+ false;
+ true ->
+ case catch check_password_ldap(User, Server, Password) of
+ {'EXIT', _} -> false;
+ Result -> Result
+ end
end.
check_password(User, Server, Password, _StreamID, _Digest) ->
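Review bot: The empty-password guard lives only in check_password/3, so the five-argument check_password/5 that begins on the last line of the hunk is covered only if it delegates to check_password/3. Its body is outside the hunk, so that should be confirmed before relying on this change to block LDAP anonymous binds. The comparison `Password == ""` matches the empty list only; if any caller can pass the password as a binary, `<<>>` would still reach the bind, and a function-head clause such as `check_password(_User, _Server, "") -> false;` (plus one for `<<>>` if binaries are possible) would state the rule more directly than `if ... true ->`. The old-style `catch` turns every crash into `false`, which fails closed but makes an LDAP outage indistinguishable from a rejected login; logging the `{'EXIT', Reason}` term before returning `false` would give operators that signal.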