From bb6e45a7fc24475d4e22405c073889dec7f88acc Mon Sep 17 00:00:00 2001
From: Michael Joseph <michael@knowledgetree.com>
Date: Wed, 26 Mar 2003 08:52:06 +0000
Subject: [PATCH] added check for null password- so we don't ldap bind anonymously

---
 lib/authentication/LDAPAuthenticator.inc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/authentication/LDAPAuthenticator.inc b/lib/authentication/LDAPAuthenticator.inc
index 947c52c..c94f904 100644
--- a/lib/authentication/LDAPAuthenticator.inc
+++ b/lib/authentication/LDAPAuthenticator.inc
@@ -59,7 +59,7 @@ class LDAPAuthenticator extends Authenticator {
         if ($this->oLdap->connect()) {
             // lookup dn from username - must exist in db
             $sBindDn = lookupField($default->owl_users_table, "ldap_dn", "username", $sUserName);
-            if ($sBindDn) {
+            if ($sBindDn && $sPassword) {
                 if ( $this->oLdap->authBind($sBindDn, $sPassword) ) {
                     return true;
                 } else {
--
libgit2 0.21.4