An LDAP client authenticates to an LDAP server with a "bind request" which provides, among other, a simple authentication method.
Simple authentication in LDAP can be used with three different mechanisms:
Anonymous binds and unauthenticated binds allow access to information in the LDAP directory without providing a password, their use is therefore strongly discouraged.
import ldap
def init_ldap():
connect = ldap.initialize('ldap://example:1389')
connect.simple_bind('cn=root') # Noncompliant
connect.simple_bind_s('cn=root') # Noncompliant
connect.bind_s('cn=root', None) # Noncompliant
connect.bind('cn=root', None) # Noncompliant
import ldap
import os
def init_ldap():
connect = ldap.initialize('ldap://example:1389')
connect.simple_bind('cn=root', os.environ.get('LDAP_PASSWORD')) # Compliant
connect.simple_bind_s('cn=root', os.environ.get('LDAP_PASSWORD')) # Compliant
connect.bind_s('cn=root', os.environ.get('LDAP_PASSWORD')) # Compliant
connect.bind('cn=root', os.environ.get('LDAP_PASSWORD')) # Compliant