diff --git a/modules/integrations/activedirectory/collect/cli.go b/modules/integrations/activedirectory/collect/cli.go
index a7c2510..2b1e5ef 100644
--- a/modules/integrations/activedirectory/collect/cli.go
+++ b/modules/integrations/activedirectory/collect/cli.go
@@ -39,7 +39,7 @@ var (
 port = Command.Flags().Int("port", 636, "LDAP port to connect to (389 or 636 typical)")
 domain = Command.Flags().String("domain", "", "domain suffix to analyze (contoso.local, auto-detected if not supplied)")
 user = Command.Flags().String("username", "", "username to connect with (someuser@contoso.local)")
- pass = Command.Flags().String("password", "", "password to connect with ex. --password hunter42")
+ pass = Command.Flags().String("password", "", "password to connect with ex. --password hunter42 (use ! for blank password)")
 tlsmodeString = Command.Flags().String("tlsmode", "TLS", "Transport mode (TLS, StartTLS, NoTLS)")
@@ -185,6 +185,11 @@ func PreRun(cmd *cobra.Command, args []string) error {
 *pass = string(passwd)
 }
 }
+
+ if *pass == "!" {
+ // A single ! indicates we want to use a blank password, so lets change it to that
+ *pass = ""
+ }
 }
 if authmode == 3 {
diff --git a/modules/integrations/activedirectory/collect/ldap.go b/modules/integrations/activedirectory/collect/ldap.go
index 22577ba..10cb255 100644
--- a/modules/integrations/activedirectory/collect/ldap.go
+++ b/modules/integrations/activedirectory/collect/ldap.go
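Review bot: The new description on the `pass` flag promises a "blank password" login, but the Connect hunk in ldap.go sends an empty password to `UnauthenticatedBind`, which RFC 4513 §5.1.2 defines as leaving the session in an anonymous authorization state rather than authenticated as that user. The help text should say what the operator actually gets, e.g. `"password to connect with ex. --password hunter42 (use ! for an empty password, which performs an unauthenticated bind)"`. The `var (` block starts and ends outside the hunk.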
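Review bot: The `*pass == "!"` check in PreRun overloads the password value itself, so an account whose real password is the single character `!` can no longer be supplied, and nothing tells the operator the value was rewritten. The check sits after the `*pass = string(passwd)` context line, so it presumably also rewrites a `!` typed at the interactive prompt; that is worth confirming as intended, and a dedicated boolean flag would avoid the collision altogether. If the sentinel stays, the comment should record the consequence, e.g. `// "!" is a sentinel for an empty password; it can no longer be used as a literal password`. PreRun's body continues outside the hunk.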
@@ -86,8 +86,13 @@ func (ad *AD) Connect(authmode byte) error {
 log.Debug().Msgf("Doing unauthenticated bind with user %s", ad.User)
 err = ad.conn.UnauthenticatedBind(ad.User)
 case 1:
- log.Debug().Msgf("Doing simple bind with user %s", ad.User)
- err = ad.conn.Bind(ad.User, ad.Password)
+ if ad.Password == "" {
+ log.Debug().Msgf("Doing simple unauthenticated bind with user %s", ad.User)
+ err = ad.conn.UnauthenticatedBind(ad.User)
+ } else {
+ log.Debug().Msgf("Doing simple bind with user %s", ad.User)
+ err = ad.conn.Bind(ad.User, ad.Password)
+ }
 case 2:
 log.Debug().Msgf("Doing MD5 auth with user %s from domain %s", ad.User, ad.AuthDomain)
 err = ad.conn.MD5Bind(ad.AuthDomain, ad.User, ad.Password)
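Review bot: In `case 1:` an empty `ad.Password` now silently turns a requested simple bind into `UnauthenticatedBind`, and Connect cannot tell a deliberate `!` from a password that ended up empty by accident, such as an empty prompt entry or an unset variable in a wrapper script. RFC 4513 §5.1.2 advises clients to refuse empty passwords on name/password binds for this reason: the bind succeeds but the session is anonymous, so collection can return partial data without the operator noticing. The only signal is a Debug message, which I would raise, e.g. `log.Warn().Msgf("Password is empty, doing unauthenticated bind with user %s", ad.User)`. The new branch also repeats the call in the case just above it, so switching the auth mode in PreRun when `!` is given may be cleaner than special-casing here. Connect's body starts and ends outside the hunk.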