LDAP authentication against Active Directory allows empty passwords
Created by: danlii
An LDAP bind with empty password against an Active Directory gets "translated" to an anonymous bind, like so: Authenticated as: 'NT AUTHORITY\ANONYMOUS LOGON'. Depending on the LDAP client, this is interpreted as a successful bind with the correct username, and this is the case with the tcllib ldap module. To prevent logins with empty passwords in Netmagis, we would need to prevent empty passwords altogether, at least when the LDAP server is an Active Directory.