some code cleanups

[sope] / sope-ldap / NGLdap / NGLdapConnection.m

diff --git a/sope-ldap/NGLdap/NGLdapConnection.m b/sope-ldap/NGLdap/NGLdapConnection.m
index a3cefc98530436dda8c67b4a98d2277f898b624f..6634ade955341cc4b8ff24cd809909e67e00b694 100644 (file)
--- a/sope-ldap/NGLdap/NGLdapConnection.m
+++ b/sope-ldap/NGLdap/NGLdapConnection.m
@@ -943,6 +943,11 @@ static void freeMods(LDAPMod **mods) {
   if (LDAPDebugEnabled)
     [self logWithFormat:@"check pwd of login '%@' on %@", _login, _baseDN];
   
+  if ([_pwd length] == 0) {
+    if (LDAPDebugEnabled) [self logWithFormat:@"  no password provided."];
+    return NO;
+  }
+  
   if (self->handle == NULL) {
     if (![self _reinit]) {
       NSLog(@"%s: _reinit failed...:", __PRETTY_FUNCTION__);
@@ -970,8 +975,10 @@ static void freeMods(LDAPMod **mods) {
   */
 
   didBind = NO;
-  NS_DURING
+  NS_DURING {
+    /* Note: beware: do _not_ use empty passwords! (unauthenticated binds) */
     didBind = [self bindWithMethod:@"simple" binddn:strDN credentials:_pwd];
+  }
   NS_HANDLER
     didBind = NO;
   NS_ENDHANDLER;
@@ -999,6 +1006,10 @@ static void freeMods(LDAPMod **mods) {
     NSLog(@"LDAP: check pwd of login '%@' on %@,%i,%@ ...",
           _login, _hostName, _port, _baseDN);
   }
+  if ([_pwd length] == 0) {
+    if (LDAPDebugEnabled) [self logWithFormat:@"  no password provided."];
+    return NO;
+  }
   
   if ((ldap = [[self alloc] initWithHostName:_hostName port:_port]) == nil) {
     if (LDAPDebugEnabled)