[SERVER-25709] Allow failed LDAP binding to fallback onto native LDAP authentication user
Created: 19/Aug/16 Updated: 06/Dec/22

| Status: | Backlog |
| Project: | Core Server |
| Component/s: | Internal Code, Security |
| Affects Version/s: | None |
| Fix Version/s: | None |
| Type: | Task | Priority: | Major - P3 |
| Reporter: | Spencer Jackson | Assignee: | Backlog - Security Team |
| Resolution: | Unresolved | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Assigned Teams: | Server Security |
| Participants: |
| Description |

If no LDAP bind user has been specified, we currently attempt to perform LDAP authorization queries without binding as a user. Many LDAP servers will disallow anonymous binds. We may want to reattempt queries which fail for this reason, binding with the same user and password as the authentication user, which will likely be authorized to perform queries for its own groups.