[ejabberd] Ability to use any ldap account with no password

Leif Johansson leifj at it.su.se
Thu Dec 2 11:58:32 MSK 2004


Oleg Kivel wrote:
> Hello, All!
> 
> I installed ejabberd-0.7.5 (Linux Red Hat 9) with {auth_method, ldap}.
> 
> LDAP-service - Lotus Domino 5.0.12 (for Linux).
> 
> And I use JAJC jabber-client (for Windows, version 0.0.8.112).
> 
> If I check the "Use plain text password" box when Tools -> Accounts ->
> Setup, then ejabberd accept ONLY VALID ldap user's password.
> 
> If I DON'T check the "Use plain text password" box, then ejabberd
> accept ANY (even empty) PASSWORD for any ldap user and after it I can
> use jabber-service without problem!
> 
> Other clients (PSI, Expodus) permit to enter only valid ldap user's
> password.
> 
> Is this issue with ejabberd, Lotus Domino LDAP-service or JAJC?
> 

It may be an issue with clients. The correct way IS to use plain text
passwords (I suggest you use tls for your jabber client connections).
It may be that other clients use plaintext per default...

	MVH leifj


More information about the ejabberd mailing list