"A bug in the module for authenticating (Open)LDAP under Mac OS X 10.7.x Lion can result in any password being
accepted during log-in – all that's required is a valid user name. The problem occurs when logging in both via
a graphical interface on a client and over the web via SSH on a server.
Apple has been informed of the problem and has apparently succeeded in reproducing it. Additionally, some users
are reporting that they are completely unable to log in using LDAP after updating to Lion.
At present, the only remedy is to deactivate LDAP authentication for critical services."
Please reply back to this ticket if you found this security alert useful.