Re: connecting with LDAP bind?
From: Harpstein (mharp_at_seapine.com)
Date: 04/22/04
- In reply to: Stefan Buchman: "Re: connecting with LDAP bind?"
Date: Thu, 22 Apr 2004 14:42:50 -0400
I have my own client, but I'm using the OpenLDAP (www.openldap.org) C
library for the ldap interface.
I don't believe that I'm hitting the rootDSE, but maybe I need clarification
on what I'm "hitting".
I create a user in my AD of "Fred Moot" with a username="fred",
password="moot",
then I do ldap_init to my AD server, then call

    unsigned long ul = ldap_bind_s( pldap, "fred", "", LDAP_AUTH_SIMPLE );

Shouldn't this fail since fred's password is not blank? And I am logging in
as Fred Moot with this call, correct, not just connecting to the AD server to
browse it, right?
My real setup is that I'm running a Win2k3 server as a VPC (Microsoft
VirtualPC) on my own WinXP box, and my WinXP box is logged into a company
domain while my VPC Win2k3 box is running a dummy AD on a dummy domain as
its own domain controller. And there is no user on the dummy VPC domain
that matches my login acct to the company domain. So, I'm not clear on how
it could be using my company domain login to login to my dummy domain on the
VPC.
I think I'm doing something wrong, or misunderstanding what I'm doing.
Thanks,
harpstein
"Stefan Buchman" <stefan2002b@yahoo.com> wrote in message
news:74da6566.0404211401.4218dad@posting.google.com...
> What LDAP client are you using? It's possible that it's using SSPI to
> authenticate you to AD since no password was entered or you could just
> be hitting the rootDSE which allows anonymous connections.
>
> - Stefan
>
> "Harpstein" <mharp@seapine.com> wrote in message
> news:<#n7OJa8JEHA.3728@TK2MSFTNGP12.phx.gbl>...
> > I have AD setup on a Win2k3 system. It's all working and I can browse the
> > data from a LDAP client.
> >
> > However, when I go to authenticate myself to the server, it works if I leave
> > the password blank.
> >
> > I can send in the correct password, like "fred" and it works.
> >
> > I can send in an empty password and it works.
> >
> > It only fails if I send in a non-empty password that doesn't match the
> > actual password on the user record in AD.
> >
> > Is there some sort of setting causing this? I'm new to AD and just really
> > want to try it out against my LDAP client but I don't see why binding would
> > work when I give it an empty password. Isn't this a big security hole?
> >
> >
> > Any help would be much appreciated.
> >
> > Thanks,
> >
> > harpstein
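
Added example, not part of the original thread: a simple bind with a name and a zero-length password is what RFC 4513 calls an unauthenticated bind, which a server may answer with success while granting only anonymous access, so a client that treats bind success as proof of the password has to reject empty passwords itself. The C sketch below shows that check; bind_fn and fake_directory_bind are hypothetical stand-ins for the real OpenLDAP bind call, constructed here to mimic the behaviour reported above.

```c
#include <stdio.h>
#include <string.h>

#define AUTH_OK          0
#define AUTH_BAD_CREDS   49    /* LDAP invalidCredentials */
#define AUTH_EMPTY_INPUT (-1)  /* rejected locally, never sent to the server */

/* Hypothetical callback type standing in for the real simple-bind call. */
typedef int (*bind_fn)(void *conn, const char *dn, const char *password);

/* Constructed fake server that mimics the behaviour reported in the thread:
 * an empty password "succeeds", a wrong non-empty password fails. */
static int fake_directory_bind(void *conn, const char *dn, const char *password)
{
    (void)conn;
    if (password[0] == '\0')
        return AUTH_OK;  /* unauthenticated bind: success, anonymous access */
    if (strcmp(dn, "fred") == 0 && strcmp(password, "moot") == 0)
        return AUTH_OK;
    return AUTH_BAD_CREDS;
}

/* Naive login check: trusts the bind result alone. */
static int authenticate_naive(bind_fn do_bind, void *conn,
                              const char *dn, const char *password)
{
    return do_bind(conn, dn, password);
}

/* Checked login: refuse empty name or password before contacting the server. */
static int authenticate_checked(bind_fn do_bind, void *conn,
                                const char *dn, const char *password)
{
    if (dn == NULL || dn[0] == '\0' || password == NULL || password[0] == '\0')
        return AUTH_EMPTY_INPUT;
    return do_bind(conn, dn, password);
}

int main(void)
{
    printf("naive,   empty pw: %d\n", authenticate_naive(fake_directory_bind, NULL, "fred", ""));
    printf("checked, empty pw: %d\n", authenticate_checked(fake_directory_bind, NULL, "fred", ""));
    printf("checked, right pw: %d\n", authenticate_checked(fake_directory_bind, NULL, "fred", "moot"));
    printf("checked, wrong pw: %d\n", authenticate_checked(fake_directory_bind, NULL, "fred", "wrong"));
    return 0;
}
```

In a real client the callback would wrap the library's simple-bind call, with the empty-input check kept in front of it.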