LDAP issues in OS X Lion


We noticed we could not authenticate to a Snow Leopard server and saw this posted in our Novell forums... Anyone else seeing issues like this:

Mac OS X Lion fails to check passwords when authenticating via LDAP

A bug in the module for authenticating (Open)LDAP under Mac OS X 10.7.x Lion can result in any password being accepted during log-in – all that's required is a valid user name. The problem occurs when logging in both via a graphical interface on a client and over the web via SSH on a server. Lion does not use LDAP to log-in by default; LDAP authentication tends to be used in large infrastructures for centralised user administration (name, password, group, etc.).

Apple has been informed of the problem and has apparently succeeded in reproducing it. Additionally, some users are reporting that they are completely unable to log-in using LDAP after updating to Lion. Whether or not the problem occurs appears to depend on whether the LDAP server is running on a local or on a separate system.

It is not clear whether the problem will be fixed by means of a security update or in the next Lion point release, Mac OS X 10.7.2. At present, the only remedy is to deactivate LDAP authentication for critical services.

Thanks,

Shannon L Rico
Sr. Network Engineer
CVE4
GISD
d: 972-487-3663
c: 214-882-3621


rdagel
New Contributor II

I am getting the same thing. After a while the LDAP lookup and authentication stops working. If I reboot the server or clear the DNS cache it will work. I think there is a known DNS bug in Lion server but it has not been fixed yet.

Richard

tlarkin
Honored Contributor

This may or may not be relevant

http://www.h-online.com/security/news/item/Mac-OS-X-Lion-fails-to-check-passwords-when-authenticatin...

I don't run 10.7 just yet and I am damn happy about that.

-Tom

Matt
Valued Contributor

Nice find. The ipv6 hack didn't work for me either.

--
Matt Lee, CCA/ACMT/ACPT/ACDT
Senior IT Analyst / Desktop Architecture Team / Apple S.M.E / JAMF Casper Administrator
Fox Networks Group

tlarkin
Honored Contributor

The find says turn off LDAP authentication... sorry but LMAO... time to go local if it is mission critical I guess with 10.7