From 58eee981179e0a954e55b6807879429276239bb5 Mon Sep 17 00:00:00 2001
From: rithu john <rithujohn191@gmail.com>
Date: Fri, 28 Apr 2017 14:57:10 -0700
Subject: [PATCH] connector/ldap: check for blank passwords and return error.

---
 connector/ldap/ldap.go | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/connector/ldap/ldap.go b/connector/ldap/ldap.go
index 01c8f922..ea6e835a 100644
--- a/connector/ldap/ldap.go
+++ b/connector/ldap/ldap.go
@@ -345,6 +345,11 @@ func (c *ldapConnector) userEntry(conn *ldap.Conn, username string) (user ldap.E
 }
 
 func (c *ldapConnector) Login(ctx context.Context, s connector.Scopes, username, password string) (ident connector.Identity, validPass bool, err error) {
+	// make this check to avoid anonymous bind to the LDAP server.
+	if password == "" {
+		return connector.Identity{}, false, nil
+	}
+
 	var (
 		// We want to return a different error if the user's password is incorrect vs
 		// if there was an error.
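Review bot: The comment on the new guard at the top of Login understates why the check matters and uses the wrong term. A simple bind with a non-empty name and a zero-length password is an "unauthenticated" bind (RFC 4513 section 5.1.2), not an anonymous one, and a server may report it as success. Assuming the bind later in Login uses the looked-up user DN, an empty password could otherwise validate any existing username. I would spell that out, e.g. `// An empty password turns the simple bind into an unauthenticated bind (RFC 4513 5.1.2), which the server may accept; treat it as an invalid password.` The commit subject says "return error", but the guard returns `validPass == false` with a nil `err`; if that is intended, the comment should say so. Login's body continues outside the hunk, so whether any other bind path needs the same guard cannot be checked from here, and a test for the empty-password case would keep this from regressing.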
-- 
GitLab