2
I'm working on LDAP authentication support for our web-application. During testing this functionality, I've noticed a very strange behavior: user can authenticate using correct password OR no password. If a wrong password entered, authentication fails.
At first I thought I might have missed something in my code, but then I decided to test it with some desktop client. I tried 'Active Directory Explorer' from Windows Sysinternals, and, surprisingly, it resulted in the same behavior.
Any thoughts about this? As you have guessed, we're using Active Directory. Let me know if I should learn more details about our Active Directory configuration.