Fix for SEC-202. Intialize manager password to default "manager_password_not_set".

core/src/main/java/org/acegisecurity/providers/ldap/DefaultInitialDirContextFactory.java

@@ -100,7 +100,7 @@ public class DefaultInitialDirContextFactory implements InitialDirContextFactory
     /**
      * The manager user's password.
      */
-    private String managerPassword = null;
+    private String managerPassword = "manager_password_not_set";
 
     /** Type of authentication within LDAP; default is simple. */
     private String authenticationType = "simple";
@@ -164,6 +164,7 @@ public class DefaultInitialDirContextFactory implements InitialDirContextFactory
 
         Hashtable env = getEnvironment();
         env.put(Context.SECURITY_AUTHENTICATION, AUTH_TYPE_NONE);
+
         return connect(env);
     }
 

core/src/test/java/org/acegisecurity/providers/ldap/DefaultInitialDirContextFactoryTests.java

@@ -78,14 +78,34 @@ public class DefaultInitialDirContextFactoryTests extends AbstractLdapServerTest
         ctx.close();
     }
 
+    public void testBindAsManagerFailsIfNoPasswordSet() throws Exception {
+        idf.setManagerDn(MANAGER_USER);
+
+        DirContext ctx = null;
+
+        try {
+            ctx = idf.newInitialDirContext();
+            fail("Binding with no manager password should fail.");
+// Can't rely on this property being there with embedded server
+//        assertEquals("true",ctx.getEnvironment().get("com.sun.jndi.ldap.connect.pool"));
+        } catch(BadCredentialsException expected) {
+        }
+
+        LdapUtils.closeContext(ctx);
+    }
+
     public void testInvalidPasswordCausesBadCredentialsException() throws Exception {
         idf.setManagerDn(MANAGER_USER);
         idf.setManagerPassword("wrongpassword");
+
+        DirContext ctx = null;
         try {
-            DirContext ctx = idf.newInitialDirContext();
+            ctx = idf.newInitialDirContext();
-            fail("Authentication with wrong credentials should fail.");
+            fail("Binding with wrong credentials should fail.");
         } catch(BadCredentialsException expected) {
         }
+
+        LdapUtils.closeContext(ctx);
     }
 
     public void testConnectionAsSpecificUserSucceeds() throws Exception {