Use godap without LDAP credentials? #10

Closed
HenrikBengtsson opened this issue Jul 26, 2024 · 4 comments

@HenrikBengtsson

Hello, first-time user here. Is it possible to run godap as a non-privileged user without LDAP credentials? I can query the LDAP server using ldapsearch. However, trying with godap, I get:

$ ./godap myserver
2024/07/25 22:03:37 LDAP Result Code 206 "Empty password not allowed by the client": ldap: empty password not allowed by the client

Looking at https://github.com/Macmod/godap?tab=readme-ov-file#usage, I also tried:

$ godap myserver -p anything
2024/07/25 22:07:27 LDAP Result Code 49 "Invalid Credentials": 

and

$ ./godap myserver -p ""
2024/07/25 22:07:41 LDAP Result Code 206 "Empty password not allowed by the client": ldap: empty password not allowed by the client

The above is with:

$ ./godap version
Godap v2.7.2
@Macmod Macmod self-assigned this Jul 27, 2024
@Macmod
Owner

Macmod commented Jul 27, 2024

Hi mate,

I haven't seen this scenario yet - in AD it seems to work with the method mentioned in the README. Can you provide some details on what type of LDAP server you're trying to connect to so I can try to replicate it?

@HenrikBengtsson
Author

HenrikBengtsson commented Jul 27, 2024

Thanks. I've actually got very little info on the LDAP server itself and the version, but it appears to be OpenLDAP. Here's some info, but it's very sparse:

$ ldapsearch -x -h m1 -s base -b "" "objectClass=*"
# extended LDIF
#
# LDAPv3
# base <> with scope baseObject
# filter: objectClass=*
# requesting: ALL
#

#
dn:
objectClass: top
objectClass: OpenLDAProotDSE

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

This is on a Rocky 8 Linux HPC environment.

Macmod added a commit that referenced this issue Jul 30, 2024
@Macmod
Owner

Macmod commented Jul 30, 2024

I managed to reproduce the issue here.

The thing is, I used to think disallowing empty passwords was a limitation of the go-ldap/ldap package, and since in AD it works without the need of an empty password I never thought of trying to fix that error.

I just found out they have a specific method for that (UnauthenticatedBind) and it seems to work fine with AD / OpenLDAP.

Can you please try the latest commit?
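
An added example, not code from godap or from this thread: one way a client can pick between go-ldap's `Bind` and `UnauthenticatedBind` so that a credential-less bind (anonymous or unauthenticated, RFC 4513 section 5.1) only happens on explicit opt-in and a blank password never passes as a successful login. The `binder` interface copies the two go-ldap method signatures; `bindWith`, `ErrEmptyPassword`, `fakeConn` and the sample DN are hypothetical names constructed for the example.

```go
package main

import (
	"errors"
	"fmt"
)

// binder is the subset of go-ldap's *ldap.Conn used here; both signatures
// match github.com/go-ldap/ldap/v3, so a real connection satisfies it.
type binder interface {
	Bind(username, password string) error
	UnauthenticatedBind(username string) error
}

var ErrEmptyPassword = errors.New("empty password without explicit opt-in") // hypothetical sentinel

// bindWith (hypothetical helper) returns the bind mode it used. An empty
// password becomes a credential-less bind only when allowNoCreds is set.
func bindWith(c binder, user, pass string, allowNoCreds bool) (string, error) {
	switch {
	case pass != "":
		return "simple", c.Bind(user, pass)
	case !allowNoCreds:
		return "", ErrEmptyPassword
	case user == "":
		return "anonymous", c.UnauthenticatedBind("")
	default:
		return "unauthenticated", c.UnauthenticatedBind(user)
	}
}

// fakeConn is a constructed stand-in for a server connection; it records calls.
type fakeConn struct{ calls []string }

func (f *fakeConn) Bind(u, p string) error {
	f.calls = append(f.calls, "Bind:"+u)
	return nil
}

func (f *fakeConn) UnauthenticatedBind(u string) error {
	f.calls = append(f.calls, "UnauthenticatedBind:"+u)
	return nil
}

func main() {
	c := &fakeConn{}
	fmt.Println(bindWith(c, "", "", true))                           // anonymous <nil>
	fmt.Println(bindWith(c, "uid=app,dc=example,dc=org", "", false)) // refused
}
```
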

@HenrikBengtsson
Author

Beautiful - it works. Thanks.

(I leave it to you to close this issue)

@Macmod Macmod closed this as completed Jul 30, 2024