server: detect anonymous binds and return a correct error

2024-09-11 22:15:06 +02:00 · 2024-09-11 22:15:06 +02:00 · 10a820f2a2
commit 10a820f2a2
parent 01f97f5ed4
1 changed files with 6 additions and 0 deletions
--- a/server/src/infra/ldap_handler.rs
+++ b/server/src/infra/ldap_handler.rs
@ -263,6 +263,12 @@ impl<Backend: BackendHandler + LoginHandler + OpaqueHandler> LdapHandler<Backend

    #[instrument(skip_all, level = "debug", fields(dn = %request.dn))]
    pub async fn do_bind(&mut self, request: &LdapBindRequest) -> (LdapResultCode, String) {
+        if request.dn.is_empty() {
+            return (
+                LdapResultCode::InappropriateAuthentication,
+                "Anonymous bind not allowed".to_string(),
+            );
+        }
        let user_id = match get_user_id_from_distinguished_name(
            &request.dn.to_ascii_lowercase(),
            &self.ldap_info.base_dn,