Le 08/12/15 15:48, M. P. a écrit : > >> >> Hope you can explain that to your application developpers... > > I started to explain them that it should not be done the way it is > done now. I can provide them a newer version of the directory, more > secure, but like I said before, they use this behaviour/issue > currently and if I want to migrate to a newer version, I have to > provide them some compatibility possibility the time this is fixed in > the app. > > This is the reason I ask here. Maybe apacheDS was working like this > before, maybe this is a bug, I don't know what else ...
My personal bet : it was a bug in 1.5.7 > When searching for an explanation, I saw that there are interceptors > in apacheDS and as a supposition, maybe playing with them allows > apacheDS to accept these bindings. That's a possibility. Have they added an interceptor, or a specific authenticator ? Adding an authenticator that accepts such broken passwords is a solution that would work.
