Hello all. Today I discovered that all my web2py installations are allowing 
any domain user to log in as long as they don't enter a password. The root 
of this is that the ldap_auth.py authentication will return True as long as 
a user is in Active Directory. An incorrect password will not work, but a 
blank one will.

My setup is the latest stable web2py with ldap_auth.py from web2py trunk on 
github.

Can I get someone to test this and see if it is an issue for them? I will 
try and fix this tomorrow and submit a patch.

Thanks,
Kory
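
The behaviour reported above, reproduced as an added example that is not part of the original post and is not web2py's `ldap_auth.py`. It assumes the directory accepts a simple bind with an empty password as an RFC 4513 "unauthenticated bind" (the post does not state the cause); `FakeDirectory`, `naive_login`, `hardened_login` and the sample DN are hypothetical names constructed for the illustration.

```python
# Constructed sample data: one directory user and their password.
SAMPLE_DN = "CN=alice,DC=example,DC=test"
SAMPLE_USERS = {SAMPLE_DN: "s3cret"}


class FakeDirectory:
    """Offline stand-in for an LDAP server (assumption, not a real client API).

    Models RFC 4513 simple bind: a bind that carries a DN but an empty
    password is an "unauthenticated bind", and a server that permits it
    reports success without verifying any credential.
    """

    def __init__(self, users, allow_unauthenticated_bind=True):
        self.users = users
        self.allow_unauthenticated_bind = allow_unauthenticated_bind

    def simple_bind(self, dn, password):
        if password == "":
            # No password check happens on this path.
            return self.allow_unauthenticated_bind
        return self.users.get(dn) == password


def naive_login(directory, dn, password):
    """Treats any successful bind as proof of identity."""
    return directory.simple_bind(dn, password)


def hardened_login(directory, dn, password):
    """Rejects missing or empty credentials before the directory is contacted."""
    if not dn or not password:
        return False
    return directory.simple_bind(dn, password)


if __name__ == "__main__":
    directory = FakeDirectory(SAMPLE_USERS)
    for pw in ("s3cret", "wrong", ""):
        print(repr(pw),
              "naive:", naive_login(directory, SAMPLE_DN, pw),
              "hardened:", hardened_login(directory, SAMPLE_DN, pw))
```

The guard belongs in the application even when the directory is configured to refuse unauthenticated binds, so the login result does not depend on a server-side setting.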
