Zend Framework

Allow for anonymous bind in Zend_Ldap

Details

  • Type: New Feature New Feature
  • Status: Resolved Resolved
  • Priority: Minor Minor
  • Resolution: Fixed
  • Affects Version/s: 1.5.0RC1, 1.5.0RC2, 1.5.0RC3, 1.5.0, 1.5.0PL1, 1.5.1
  • Fix Version/s: 1.6.0
  • Component/s: Zend_Ldap
  • Labels:
    None

Description

Currently it is not possible to anonymously bind to a LDAP server - it's required to provide a username and a passwort for a bind. It also is not possible to do an account search without prior binding as a distinct user. But LDAP generally allows for anonymous binds to LDAP servers.
It should be no problem to add this feature as the ext/ldap also provides this functionality.

Just a quick & dirty solution (this surely can be refactored more nicely):

Zend/Ldap.php:

Add after line 632:

if ($username===null && $password===null) $bindAnonymously=true;
else $bindAnonymously=false;

Change line 634:

if (!$bindAnonymously && !$username) {

Change line 644:

if (!$bindAnonymously && !Zend_Ldap::explodeDn($username)) {

Change line 688:

$message = ($bindAnonymously) ? "anonymous bind" : $username;

Activity

Ascending order - Click to sort in descending order
Hide
Permalink
Stefan Gehrig added a comment -

Patch to include quick&dirty solution to anonymous bind.

Show
Stefan Gehrig added a comment - Patch to include quick&dirty solution to anonymous bind.
Hide
Permalink
Wil Sinclair added a comment -

Please evaluate and categorize as necessary.

Show
Wil Sinclair added a comment - Please evaluate and categorize as necessary.
Hide
Permalink
Michael B Allen added a comment -

Fixed in r10171.

Note that Zend_Ldap has always supported anonymous binds. However, to do so required supplying a username and a null password which is strange to say the least.

Therefore, the semantics of the Zend_Ldap::bind() method has been changed slightly so that if the username is null (or not supplied) this is interpreted as a desire to bind with the default credentials or anonymously if no default credentials are supplied. So to bind anonymously, you simply do not supply default credentials and do not supply parameters to bind (or supply a null username).

Note that it is currently not possible to perform an anonymous bind if default credentials have been supplied. We could check to see if parameters were supplied to Zend_Ldap::bind() and perform or not perform the bind anonymously based on that. But that could be awkward and it's not clear that we need this feature.

Show
Michael B Allen added a comment - Fixed in r10171. Note that Zend_Ldap has always supported anonymous binds. However, to do so required supplying a username and a null password which is strange to say the least. Therefore, the semantics of the Zend_Ldap::bind() method has been changed slightly so that if the username is null (or not supplied) this is interpreted as a desire to bind with the default credentials or anonymously if no default credentials are supplied. So to bind anonymously, you simply do not supply default credentials and do not supply parameters to bind (or supply a null username). Note that it is currently not possible to perform an anonymous bind if default credentials have been supplied. We could check to see if parameters were supplied to Zend_Ldap::bind() and perform or not perform the bind anonymously based on that. But that could be awkward and it's not clear that we need this feature.
Hide
Permalink
Wil Sinclair added a comment -

Updating for the 1.6.0 release.

Show
Wil Sinclair added a comment - Updating for the 1.6.0 release.

People

Vote (0)
Watch (1)

Dates

  • Created:
    Updated:
    Resolved:
Atlassian JIRA (v4.4.3#663-r165197) | Report a problem
Powered by a free Atlassian JIRA open source license for Zend Framework. Try JIRA - bug tracking software for your team.