> > On Mon, May 8, 2017 at 10:37 AM, Dirk van Deun <dvandeun@xxxxxxxxxxxxxxx> wrote: > >> > >> Are you able to recompile? > >> > >> untested: http://people.apache.org/~covener/patches/2.4.x-bindpw_empty.diff > >> > >> you would not specify the directive in your case > >> > > > > That fixes it. If there is no other way around this, it would indeed > > seem to be a bug. > > > I can't really think of any feasible workaround to intercept that and > replace the password. > > If you're able, can you confirm s/AUTH_USER_NOT_FOUND/AUTH_DENIED/ > works too? Probably more appropriate. > That is okay: no visible difference for the user. By the way, do you think there is actually a good use case for AuthLDAPInitialBindAsUserAllowEmptyPassword ? It amounts to allowing users to implement their own passwordless bind, presumably for servers that are secured not to allow anonymous bind, or else you would use anonymous bind in the first place... Dirk van Deun -- Ceterum censeo Redmond delendum --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|