Greetings,
We are running OpenLDAP at our organization to do authentication for
Linux machines. One strange thing I noticed is that I can bind to the
server using my password, or *any* password that contains my actual
password as a prefix. Let me explain with an example.
Suppose my password is "banana" (it's not). Then these passwords work
to bind to the database:
- banana
- banana2
- bananafjksdfs
But these won't work:
- mbanana
- banan
I'm testing this with this command:
    ldapsearch -x -W -ZZ -H ldap://<server_address>.com \
        -b dc=mydomain,dc=com \
        -D 'uid=<my_uid>,ou=people,dc=mydomain,dc=com' \
        '(uid=<my_uid>)'
Any ideas about why this happens? Thanks.
-- Chris