Changes

99 bytes added, 00:55, 20 July 2014
Line 63: Line 63:  
| ldap field that stores the user's email address
 
| ldap field that stores the user's email address
 
| Minimum password length
 
| Minimum password length
 +
|-
 
| 1
 
| 1
 
| AD lets users bind to ldap with 0 length passwords.  It's fscked up, but accepted.
 
| AD lets users bind to ldap with 0 length passwords.  It's fscked up, but accepted.
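Review bot: the added `|-` sits after `| Minimum password length` and before `| 1`, so the row break separates that cell from its value: `Minimum password length` stays in the row that carries the email-address field description, and `| 1` opens a new row. If the intent is to start the minimum-password-length row, the separator belongs one line earlier, above `| Minimum password length`. While touching this row, consider having the note cell say outright that the value 1 is there so the service rejects an empty password itself, since the current text only records that AD accepts the 0-length bind.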
Line 72: Line 73:  
*  Start without the filter field, add it later.
 
*  Start without the filter field, add it later.
 
*  When a service checks a password, it usually attempts to bind to samba as that user.  To bind successfully, it needs to bind as user@PS1
 
*  When a service checks a password, it usually attempts to bind to samba as that user.  To bind successfully, it needs to bind as user@PS1
 +
** Some services apply setting different e.g. as a regex on the user, or as a template setting.
 
*  If you try and bind to ldap with a 0 length password, it "works", sort of.  There is no error, but you can't access anything substantial.  This is enough to fool services into thinking that the password was correct.
 
*  If you try and bind to ldap with a 0 length password, it "works", sort of.  There is no error, but you can't access anything substantial.  This is enough to fool services into thinking that the password was correct.
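Review bot: the added sub-bullet reads "apply setting different" and never names the setting it means, so a reader cannot tell what to configure. Suggest "Some services apply this differently, e.g. as a regex on the user name or as a template setting", and state that "this" is the user@PS1 bind name from the parent bullet. A short sample of each form (regex and template) would make the line usable for someone configuring a new service.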