ZF-2994: Allow for anonymous bind in Zend_Ldap

Issue Type: New Feature Created: 2008-03-28T15:27:33.000+0000 Last Updated: 2008-09-02T10:39:23.000+0000 Status: Resolved Fix version(s): - 1.6.0 (02/Sep/08)

Reporter: Stefan Gehrig (sgehrig) Assignee: Michael B Allen (miallen) Tags: - Zend_Ldap

Related issues: Attachments: - Zend_Ldap_ZF-2994.diff


Currently it is not possible to anonymously bind to a LDAP server - it's required to provide a username and a passwort for a bind. It also is not possible to do an account search without prior binding as a distinct user. But LDAP generally allows for anonymous binds to LDAP servers. It should be no problem to add this feature as the ext/ldap also provides this functionality.

Just a quick & dirty solution (this surely can be refactored more nicely):


Add after line 632:

<pre class="highlight">
if ($username===null && $password===null) $bindAnonymously=true;
else $bindAnonymously=false;

Change line 634:

<pre class="highlight">
if (!$bindAnonymously && !$username) {

Change line 644:

<pre class="highlight">
if (!$bindAnonymously && !Zend_Ldap::explodeDn($username)) {

Change line 688:

<pre class="highlight">
$message = ($bindAnonymously) ? "anonymous bind" : $username;


Posted by Stefan Gehrig (sgehrig) on 2008-03-31T10:24:09.000+0000

Patch to include quick&dirty solution to anonymous bind.

Posted by Wil Sinclair (wil) on 2008-03-31T15:01:47.000+0000

Please evaluate and categorize as necessary.

Posted by Michael B Allen (miallen) on 2008-07-17T22:09:39.000+0000

Fixed in r10171.

Note that Zend_Ldap has always supported anonymous binds. However, to do so required supplying a username and a null password which is strange to say the least.

Therefore, the semantics of the Zend_Ldap::bind() method has been changed slightly so that if the username is null (or not supplied) this is interpreted as a desire to bind with the default credentials or anonymously if no default credentials are supplied. So to bind anonymously, you simply do not supply default credentials and do not supply parameters to bind (or supply a null username).

Note that it is currently not possible to perform an anonymous bind if default credentials have been supplied. We could check to see if parameters were supplied to Zend_Ldap::bind() and perform or not perform the bind anonymously based on that. But that could be awkward and it's not clear that we need this feature.

Posted by Wil Sinclair (wil) on 2008-09-02T10:39:23.000+0000

Updating for the 1.6.0 release.

Have you found an issue?

See the Overview section for more details.


© 2006-2016 by Zend, a Rogue Wave Company. Made with by awesome contributors.

This website is built using zend-expressive and it runs on PHP 7.