Bug allows Mac OS X Lion clients to use any LDAP password

If you have Mac OS X 'Lion' clients and use LDAP authentication, you need to read this.

Reports are circulating that Apple's latest incarnation of Mac OS X - 10.7 'Lion' - contains a serious LDAP network authentication bug.

The bug is a simple one, but at the same time a serious one - users logging in to Macs running OS X 10.7 can access restricted network resources using any password at all when LDAP is used for authentication (for example Apple's Open Directory or OpenLDAP).

At the moment it's not clear exactly what the problem is, because Apple doesn't own up to bugs until it has a patch for them, but there's a fair bit of discussion about the problem on various forums. Some users claim that they can log into the network using any username and password, while others claim to be completely locked out even when using the correct username and password. Others are seeing a problem where they need the correct password initially, but other resources that require LDAP authentication are then granted access automatically without re-checking credentials.

Bottom line, if you use LDAP for authentication, and you have clients using 10.7 'Lion' then this is a pretty big deal. If that doesn't describe your setup then you don't need to worry about this.

Despite the problem first being reported on July 25, five days after Lion was released, Apple has yet to offer users a fix. This issue was not addressed in Apple's 10.7.1 update for Lion.