X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=plugins%2FLdapCommon%2FLdapCommon.php;fp=plugins%2FLdapCommon%2FLdapCommon.php;h=09ff54bad9fca7161f7b69103f6b6d6c4d8c979d;hb=2db8aa3ec3f6804f8f16efe754aafb149f4035c9;hp=d583e30857a719eadd4ff383591130444640948a;hpb=6bbc8ca234f3fe074cf398cd1f242cd4e2dd7df3;p=quix0rs-gnu-social.git

diff --git a/plugins/LdapCommon/LdapCommon.php b/plugins/LdapCommon/LdapCommon.php
index d583e30857..09ff54bad9 100644
--- a/plugins/LdapCommon/LdapCommon.php
+++ b/plugins/LdapCommon/LdapCommon.php
@@ -144,6 +144,12 @@ class LdapCommon
         if(!$entry){
             return false;
         }else{
+            if(empty($password)) {
+                //NET_LDAP2 will do an anonymous bind if bindpw is not set / empty string
+                //which causes all login attempts that involve a blank password to appear
+                //to succeed. Which is obviously not good.
+                return false;
+            }
             $config = $this->get_ldap_config();
             $config['binddn']=$entry->dn();
             $config['bindpw']=$password;