[teiid-issues] [JBoss JIRA] Created: (TEIID-471) Potential security problem is anonymous bind is allowed in the LDAP server

Potential security problem is anonymous bind is allowed in the LDAP server -------------------------------------------------------------------------- Key: TEIID-471 URL: https://jira.jboss.org/jira/browse/TEIID-471 Project: Teiid Issue Type: Bug Components: Server Affects Versions: 6.0.0, 6.1.0 Reporter: Li Liang Assignee: Li Liang Fix For: 6.1.0 When LDAP is used for authentication, if anonymous bind is allowed, user with blank password will be authenticated successfully. That user (not anonymous) will be used when querying the VDB in the current session. If authorization is turned on, that may cause security problem. This is from customer case 275865. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira