Some ldap server (Netscape) assume an annonymous login
when you try to bind with an empty password. But the
side effect is that php bind return success and the
user is authentified without password !
You should add a test for empty password.
Log in to post a comment.