Java, LDAP: Make it not ignore blank passwords?

Question

I\'m maintaining some legacy Java LDAP code. I know next to nothing about LDAP.

The program below basically just sends the userid and password to the LDAP server,

Answer 1

You need to change authentication method from simple (which is not something to use in an production environment anyways, at least not without SSL).

As it is stated here: http://docs.oracle.com/javase/jndi/tutorial/ldap/security/simple.html

If you supply an empty string, an empty byte/char array, or null to the Context.SECURITY_CREDENTIALS environment property, then the authentication mechanism will be "none". This is because the LDAP requires the password to be nonempty for simple authentication. The protocol automatically converts the authentication to "none" if a password is not supplied.