From 02f70179fa14d05bae3e2f47f41d36749e2c63cd Mon Sep 17 00:00:00 2001
From: Olav Morken <olav.morken@uninett.no>
Date: Fri, 13 Nov 2009 08:27:04 +0000
Subject: [PATCH] LDAP: Disallow bind with empty password.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@1986 44740490-163a-0410-bde0-09ae8108e29a
---
 modules/ldap/lib/ConfigHelper.php | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/modules/ldap/lib/ConfigHelper.php b/modules/ldap/lib/ConfigHelper.php
index 7fc63ba2f..fea883ea5 100644
--- a/modules/ldap/lib/ConfigHelper.php
+++ b/modules/ldap/lib/ConfigHelper.php
@@ -167,6 +167,11 @@ class sspmod_ldap_ConfigHelper {
 		assert('is_string($username)');
 		assert('is_string($password)');
 
+		if (empty($password)) {
+			SimpleSAML_Logger::info($this->location . ': Login with empty password disallowed.');
+			throw new SimpleSAML_Error_Error('WRONGUSERPASS');
+		}
+
 		$ldap = new SimpleSAML_Auth_LDAP($this->hostname, $this->enableTLS, $this->debug, $this->timeout);
 
 		if (!$this->searchEnable) {
-- 
GitLab