Diffstat (limited to 'src')
-rw-r--r-- | src/ejabberd_auth_ldap.erl | 15 |
1 files changed, 10 insertions, 5 deletions
diff --git a/src/ejabberd_auth_ldap.erl b/src/ejabberd_auth_ldap.erl
index baebe1523..5fcd44c3b 100644
--- a/src/ejabberd_auth_ldap.erl
+++ b/src/ejabberd_auth_ldap.erl
@@ -120,11 +120,16 @@ plain_password_required() ->
 true.
 
 check_password(User, Server, Password) ->
- case catch check_password_ldap(User, Server, Password) of
- {'EXIT', _} ->
- false;
- Result ->
- Result
+ %% In LDAP spec: empty password means anonymous authentication.
+ %% As ejabberd is providing other anonymous authentication mechanisms
+ %% we simply prevent the use of LDAP anonymous authentication.
+ if Password == "" ->
+ false;
+ true ->
+ case catch check_password_ldap(User, Server, Password) of
+ {'EXIT', _} -> false;
+ Result -> Result
+ end
 end.
 
 check_password(User, Server, Password, _StreamID, _Digest) -> |
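Review bot: The empty-password guard is added only to `check_password/3`, while `check_password/5` begins on the hunk's last line and its body is outside the hunk. Confirm that it delegates to `check_password/3` rather than calling `check_password_ldap/3` directly, otherwise an empty password can still reach the LDAP bind through that entry point. The test `Password == ""` matches only the empty list, so if any caller can pass a binary, `<<>>` would not be rejected. A dedicated clause such as `check_password(_User, _Server, Password) when Password == ""; Password == <<>> -> false;` ahead of the general clause would cover both and read more idiomatically than `if ... true ->`. The comment could also name the case precisely: a bind with a non-empty DN and an empty password is what RFC 4513 calls an unauthenticated bind, which a directory server may answer with success. Separately, the retained `{'EXIT', _} -> false` still turns LDAP failures into a silent authentication failure, so logging the exit reason there would help operators tell an outage from a wrong password.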