Issues

ZF-2994: Allow for anonymous bind in Zend_Ldap

Description

Currently it is not possible to anonymously bind to an LDAP server - it's required to provide a username and a password for a bind. It also is not possible to do an account search without prior binding as a distinct user. But LDAP generally allows for anonymous binds to LDAP servers. It should be no problem to add this feature as the ext/ldap also provides this functionality.

Just a quick & dirty solution (this surely can be refactored more nicely):

Zend/Ldap.php:

Add after line 632:


if ($username===null && $password===null) $bindAnonymously=true;
else $bindAnonymously=false;

Change line 634:


if (!$bindAnonymously && !$username) {

Change line 644:


if (!$bindAnonymously && !Zend_Ldap::explodeDn($username)) {

Change line 688:


$message = ($bindAnonymously) ? "anonymous bind" : $username;

Comments

Patch to include quick&dirty solution to anonymous bind.

Please evaluate and categorize as necessary.

Fixed in r10171.

Note that Zend_Ldap has always supported anonymous binds. However, to do so required supplying a username and a null password which is strange to say the least.

Therefore, the semantics of the Zend_Ldap::bind() method have been changed slightly so that if the username is null (or not supplied) this is interpreted as a desire to bind with the default credentials or anonymously if no default credentials are supplied. So to bind anonymously, you simply do not supply default credentials and do not supply parameters to bind (or supply a null username).

Note that it is currently not possible to perform an anonymous bind if default credentials have been supplied. We could check to see if parameters were supplied to Zend_Ldap::bind() and perform or not perform the bind anonymously based on that. But that could be awkward and it's not clear that we need this feature.
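The credential resolution described in the comment above, sketched as a stand-alone PHP function together with a guard against the older "username plus null password" form. This is an added example, not Zend_Ldap code or the r10171 change; `resolveBind()`, its array keys and the sample DNs are hypothetical.

```php
<?php
// Added illustration; not Zend_Ldap source. Names are hypothetical.

// Decide which credentials a bind() call should use: a null username means
// "use the default credentials, or bind anonymously if none are configured".
function resolveBind(?string $username, ?string $password, array $defaults = []): array
{
    if ($username === null) {
        $username = $defaults['username'] ?? null;
        $password = $defaults['password'] ?? null;
        if ($username === null) {
            // No explicit and no default credentials: anonymous bind.
            return ['mode' => 'anonymous', 'dn' => null, 'password' => null];
        }
        $mode = 'default';
    } else {
        $mode = 'explicit';
    }

    // A name with an empty password is an "unauthenticated bind" (RFC 4513,
    // section 5.1.2): a server may accept it with anonymous rights, so code
    // that verifies a user's password by binding would wrongly see success.
    if ($password === null || $password === '') {
        throw new InvalidArgumentException(
            "Refusing to bind as '$username' with an empty password"
        );
    }
    return ['mode' => $mode, 'dn' => $username, 'password' => $password];
}

// Constructed sample inputs.
$defaults = ['username' => 'cn=svc,dc=example,dc=com', 'password' => 'constructed-secret'];
$cases = [
    'no args, no defaults'   => [null, null, []],
    'no args, with defaults' => [null, null, $defaults],
    'explicit credentials'   => ['cn=alice,dc=example,dc=com', 'pw', $defaults],
    'name + empty password'  => ['cn=alice,dc=example,dc=com', '', []],
];
foreach ($cases as $label => [$u, $p, $d]) {
    try {
        $r = resolveBind($u, $p, $d);
        echo "$label: {$r['mode']}\n";
    } catch (InvalidArgumentException $e) {
        echo "$label: rejected ({$e->getMessage()})\n";
    }
}
```

The second case shows the limitation noted above: once default credentials are configured, a call with no arguments resolves to them and never to an anonymous bind.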

Updating for the 1.6.0 release.