
No, if you try to submit a blank password it is (rightly) rejected. If you submit a non-blank password, the login succeeds. This (to me) points to the LDAP server responding with a login success message and the OS allowing the user in. This bug appears to only affect Lion clients talking to OpenLDAP (not the LDAP server shipped with Lion Server) or Active Directory.



I played with a Lion client bound to OpenLDAP running on a Linux server. I could log in with my username and any password (empty or not). I used a packet sniffer and it appeared to me that the Lion client is not even sending the password to the server, but simply logging the user in. At least in my case, the server didn't send any login success message, and Lion still let the user in. It clearly seems to be an issue on the side of the Mac OS X client, not the server.



