It's possible to access any account without password if authldap is used.
vulners.com/securityvulns/securityvulns:doc:19713