ldap_bind_s returning LDAP_SUCCESS with wrong credentials
Problem description
I have this little problem. I want to authenticate a user against LDAP (Windows Active Directory). Everything works OK except for the combination (good user, good password, wrong domain).
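#include <windows.h>
#include <winldap.h>   // link with wldap32.lib
// BAD_DOMAIN, OK_USER and OK_PASS are wide-string placeholders defined elsewhere.
LDAP* ldap = ldap_init(L"myserver", 389);
ULONG ldap_version = 3;
ULONG ret = LDAP_SUCCESS;
// Use LDAPv3, then open the connection to the server.
ret = ldap_set_option(ldap, LDAP_OPT_PROTOCOL_VERSION, (void*)&ldap_version);
ret = ldap_connect(ldap, NULL);
// Credentials: valid user and password, deliberately wrong domain.
SEC_WINNT_AUTH_IDENTITY ai;
ai.Domain = (unsigned short*)BAD_DOMAIN;
ai.DomainLength = wcslen(BAD_DOMAIN);
ai.User = (unsigned short*)OK_USER;
ai.UserLength = wcslen(OK_USER);
ai.Password = (unsigned short*)OK_PASS;
ai.PasswordLength = wcslen(OK_PASS);
ai.Flags = SEC_WINNT_AUTH_IDENTITY_UNICODE;
// Synchronous NTLM bind; this is the call that returns LDAP_SUCCESS.
ret = ldap_bind_s(ldap, NULL, (PWCHAR) &ai, LDAP_AUTH_NTLM); // !!! HERE !!!
ret = ldap_unbind_s(ldap);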
On the line marked '!!! HERE !!!' I'd expect 0x31 or any other error returned. Instead I get LDAP_SUCCESS :(
Any suggestions? Thx, Milan
Recommended answer
Binding is successful because the username/password pair is valid for the domain you're connected to during the ldap_init call. In this case, the domain supplied in the credentials is simply ignored.
To confirm this statement, you could try using some credentials from a trusted domain of this server. Because the user does not exist in the domain you're connected to, supplying an invalid domain name will result in a binding failure with INVALID_CREDENTIALS.
Hope that helps.
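Since a successful bind does not show that the supplied domain was honoured, an application that must enforce the domain can compare it with the directory's own naming context before binding. The following is an added example, not code from the original post: the function names are hypothetical, and it assumes the caller has already read `defaultNamingContext` from the server's rootDSE, that users type a DNS-style domain name, and that only users of the connected domain (not trusted domains) should be accepted.

```c
#include <ctype.h>
#include <string.h>

/* Hypothetical helper: "corp.example.com" -> "DC=corp,DC=example,DC=com".
 * Returns 0 on success, -1 on empty labels, bad characters or overflow. */
int domain_to_dn(const char *domain, char *out, size_t outlen)
{
    size_t n = 0;
    int at_label_start = 1;
    if (domain == NULL || *domain == '\0')
        return -1;
    for (const char *p = domain; *p; p++) {
        if (*p == '.') {
            if (at_label_start || p[1] == '\0')
                return -1;          /* empty label: ".a", "a..b", "a." */
            at_label_start = 1;
            continue;
        }
        if (!isalnum((unsigned char)*p) && *p != '-')
            return -1;              /* keeps ',', '=' etc. out of the DN */
        if (at_label_start) {
            const char *prefix = n ? ",DC=" : "DC=";
            size_t plen = strlen(prefix);
            if (n + plen >= outlen)
                return -1;
            memcpy(out + n, prefix, plen);
            n += plen;
            at_label_start = 0;
        }
        if (n + 1 >= outlen)
            return -1;
        out[n++] = *p;
    }
    out[n] = '\0';
    return 0;
}

/* 1 only if user_domain names the directory whose defaultNamingContext
 * (read from the rootDSE by the caller) is naming_ctx; otherwise 0. */
int domain_matches_directory(const char *user_domain, const char *naming_ctx)
{
    char dn[256];
    size_t i;
    if (naming_ctx == NULL || domain_to_dn(user_domain, dn, sizeof dn) != 0)
        return 0;
    for (i = 0; dn[i] && naming_ctx[i]; i++)
        if (tolower((unsigned char)dn[i]) != tolower((unsigned char)naming_ctx[i]))
            return 0;
    return dn[i] == '\0' && naming_ctx[i] == '\0';
}
```

Call `domain_matches_directory` with the domain the user typed before `ldap_bind_s`, and refuse the login when it returns 0.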