| Commit message (Collapse) | Author | Age | Files | Lines | |
|---|---|---|---|---|---|
| * | fixed obsolete getMock() usage | Fabien Potencier | 2016-12-19 | 1 | -9/+9 |
| | | |||||
| * | Merge branch '3.0'v3.1.0-BETA1 | Nicolas Grekas | 2016-05-12 | 1 | -1/+18 |
| |\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * 3.0: (31 commits) Drop hirak/prestissimo [MonologBridge] Uninstallable together with symfony/http-kernel in 3.0.6 bumped Symfony version to 3.0.7 updated VERSION for 3.0.6 updated CHANGELOG for 3.0.6 bumped Symfony version to 2.8.7 updated VERSION for 2.8.6 updated CHANGELOG for 2.8.6 bumped Symfony version to 2.7.14 updated VERSION for 2.7.13 updated CHANGELOG for 2.7.13 bumped Symfony version to 2.3.42 [Debug] Fix fatal error handlers on PHP 7 updated VERSION for 2.3.41 update CONTRIBUTORS for 2.3.41 updated CHANGELOG for 2.3.41 fixed bad merge Fixed issue with blank password with Ldap limited the maximum length of a submitted username [2.3][Component/Security] Fixed phpdoc in AnonymousToken constructor for user param ... Conflicts: src/Symfony/Component/DependencyInjection/Compiler/AutowirePass.php src/Symfony/Component/DependencyInjection/Tests/Compiler/AutowirePassTest.php src/Symfony/Component/HttpKernel/Kernel.php | ||||
| | * | Fixed issue with blank password with Ldap | Charles Sarrazin | 2016-05-09 | 1 | -1/+18 |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The bind operation of LDAP, as described in RFC 4513, provides a method which allows for authentication of users. For the Simple Authentication Method a user may use the anonymous authentication mechanism, the unauthenticated authentication mechanism, or the name/password authentication mechanism. The unauthenticated authentication mechanism is used when a client who desires to establish an anonymous authorization state passes a non-zero length distinguished name and a zero length password. Most LDAP servers either can be configured to allow this mechanism or allow it by default. _Web-based applications which perform the simple bind operation with the client's credentials are at risk when an anonymous authorization state is established. This can occur when the web-based application passes a distinguished name and a zero length password to the LDAP server._ Thus, misconfiguring a server with simple bind can trick Symfony into thinking the username/password tuple as valid, potentially leading to unauthorized access. | ||||
| * | | Improved the Ldap Component | Charles Sarrazin | 2016-02-11 | 1 | -6/+9 |
| |/ | | | | | | | | | | | | * Moved connection logic to dedicated class * Added support for Ldap result entries iterator and renamed LdapClient to Ldap * Added support for multiple adapters * Attempt anonymous bind if the connection is not bound beforehand * Finalized API * Updated the Security component to use v3.1 of the Ldap component * Updated unit tests * Added support for functional tests * Updated README file | ||||
| * | [Bridge/Doctrine+Ldap] Fix tests | Nicolas Grekas | 2015-11-29 | 1 | -0/+3 |
| | | |||||
| * | Implemented LDAP authentication and LDAP user provider | Grégoire Pineau | 2015-09-28 | 1 | -0/+61 |
 |
index : symfony-security | |
| Unnamed repository; edit this file 'description' to name the repository. | Erik Andersson |
| summaryrefslogtreecommitdiffstats |