summaryrefslogtreecommitdiffstats
path: root/Core/Authentication/Provider/LdapBindAuthenticationProvider.php
Commit message (Collapse)AuthorAgeFilesLines
* Merge branch '3.0'v3.1.0-BETA1Nicolas Grekas2016-05-121-0/+4
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * 3.0: (31 commits) Drop hirak/prestissimo [MonologBridge] Uninstallable together with symfony/http-kernel in 3.0.6 bumped Symfony version to 3.0.7 updated VERSION for 3.0.6 updated CHANGELOG for 3.0.6 bumped Symfony version to 2.8.7 updated VERSION for 2.8.6 updated CHANGELOG for 2.8.6 bumped Symfony version to 2.7.14 updated VERSION for 2.7.13 updated CHANGELOG for 2.7.13 bumped Symfony version to 2.3.42 [Debug] Fix fatal error handlers on PHP 7 updated VERSION for 2.3.41 update CONTRIBUTORS for 2.3.41 updated CHANGELOG for 2.3.41 fixed bad merge Fixed issue with blank password with Ldap limited the maximum length of a submitted username [2.3][Component/Security] Fixed phpdoc in AnonymousToken constructor for user param ... Conflicts: src/Symfony/Component/DependencyInjection/Compiler/AutowirePass.php src/Symfony/Component/DependencyInjection/Tests/Compiler/AutowirePassTest.php src/Symfony/Component/HttpKernel/Kernel.php
| * Fixed issue with blank password with LdapCharles Sarrazin2016-05-091-0/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The bind operation of LDAP, as described in RFC 4513, provides a method which allows for authentication of users. For the Simple Authentication Method a user may use the anonymous authentication mechanism, the unauthenticated authentication mechanism, or the name/password authentication mechanism. The unauthenticated authentication mechanism is used when a client who desires to establish an anonymous authorization state passes a non-zero length distinguished name and a zero length password. Most LDAP servers either can be configured to allow this mechanism or allow it by default. _Web-based applications which perform the simple bind operation with the client's credentials are at risk when an anonymous authorization state is established. This can occur when the web-based application passes a distinguished name and a zero length password to the LDAP server._ Thus, misconfiguring a server with simple bind can trick Symfony into thinking the username/password tuple as valid, potentially leading to unauthorized access.
* | Improved the Ldap ComponentCharles Sarrazin2016-02-111-4/+4
| | | | | | | | | | | | | | | | | | | | | | | | * Moved connection logic to dedicated class * Added support for Ldap result entries iterator and renamed LdapClient to Ldap * Added support for multiple adapters * Attempt anonymous bind if the connection is not bound beforehand * Finalized API * Updated the Security component to use v3.1 of the Ldap component * Updated unit tests * Added support for functional tests * Updated README file
* | [Security] add USERNAME_NONE_PROVIDED constantSofHad2016-01-251-1/+1
|/
* Marked the Ldap component as internal and removed Ldap constants polyfillCharles Sarrazin2015-11-281-1/+1
|
* [Ldap] add some missing license file headersChristian Flothmann2015-09-281-0/+9
|
* Implemented LDAP authentication and LDAP user providerGrégoire Pineau2015-09-281-0/+76
generated by cgit v1.1 at 2025-05-11 00:56:45 +0000