Skip to content
Snippets Groups Projects
Commit 02f70179 authored by Olav Morken's avatar Olav Morken
Browse files

LDAP: Disallow bind with empty password. 

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@1986 44740490-163a-0410-bde0-09ae8108e29a
parent f1998492
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
modules/ldap/lib/ConfigHelper.php
+ 5
0
View file @ 02f70179
...@@ -167,6 +167,11 @@ class sspmod_ldap_ConfigHelper { ...@@ -167,6 +167,11 @@ class sspmod_ldap_ConfigHelper {
assert('is_string($username)'); assert('is_string($username)');
assert('is_string($password)'); assert('is_string($password)');
if (empty($password)) {
SimpleSAML_Logger::info($this->location . ': Login with empty password disallowed.');
throw new SimpleSAML_Error_Error('WRONGUSERPASS');
}
$ldap = new SimpleSAML_Auth_LDAP($this->hostname, $this->enableTLS, $this->debug, $this->timeout); $ldap = new SimpleSAML_Auth_LDAP($this->hostname, $this->enableTLS, $this->debug, $this->timeout);
if (!$this->searchEnable) { if (!$this->searchEnable) {
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment