Do not use anonymous or unauthenticated authentication mechanisms in an LDAP client bind request, because they allow unauthorized access without a password.
def authenticate_connection_noncompliant():
    """Noncompliant example: bind as ``cn=root`` without supplying any credential.

    The bind request carries a DN but no password, so the client library issues
    an unauthenticated simple bind; a directory that accepts those grants
    access with no password at all.
    """
    import ldap

    conn = ldap.initialize('ldap://127.0.0.1:1389')
    # Do not chase referrals returned by the server.
    conn.set_option(ldap.OPT_REFERRALS, 0)
    # Noncompliant: authentication disabled — no credential is passed.
    conn.simple_bind('cn=root')
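def authenticate_connection_compliant():
    """Bind to the directory as ``cn=root`` using the ``LDAP_PASSWORD`` secret.

    Raises:
        RuntimeError: if ``LDAP_PASSWORD`` is unset or empty. Passing ``None``
            or ``''`` as the credential would silently turn the call into an
            unauthenticated simple bind — the same weakness the noncompliant
            variant demonstrates.
    """
    import os

    password = os.environ.get('LDAP_PASSWORD')
    # Fail closed: a missing secret must not downgrade to an unauthenticated bind.
    if not password:
        raise RuntimeError('LDAP_PASSWORD is not set; refusing to bind without a credential')

    import ldap

    # NOTE(review): ldap:// sends the simple-bind password in clear text; for
    # anything other than a loopback test server use ldaps:// or StartTLS.
    connect = ldap.initialize('ldap://127.0.0.1:1389')
    # Do not chase referrals — presumably so the bind is not re-sent to a
    # referred server; confirm against the deployment's directory topology.
    connect.set_option(ldap.OPT_REFERRALS, 0)
    # Compliant: simple security authentication used.
    # simple_bind() is asynchronous, so the bind outcome is not checked here;
    # simple_bind_s() would raise on an authentication failure.
    connect.simple_bind('cn=root', password)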