-
Bug
-
Resolution: Unresolved
-
Minor
-
None
With overall read access an anonymous user can use the top right search box to find what LDAP users exist.
Beginning to enter a name will auto-complete it e.g. "John" auto-completes to "John Doe".
This gives an anonymous user the opportunity to find the user ids.
These user ids could then be used to find a user with a weak password.
In order to set proper expectation, I have unassigned Kohsuke from this tickets.
Currently there is no Default assignee in the LDAP plugin, any contributions will be appreciated.