openldap improper selfwrite access

The way openldap handles selfwrite access is broken. Users with selfwrite access should only be able to add/remove their own DN to the target, but via this bug any DN may be modified.

This was fixed upstream in version 2.3.25:
http://www.openldap.org/its/index.cgi/Software%20Bugs?id=4587
http://secunia.com/advisories/21721/

A reproducer can be found here:
http://www.openldap.org/devel/cvsweb.cgi/tests/scripts/test006-acls?hideattic=1&sortbydate=0
openldap-2.3.30-2.fc5 has been pushed for fc5, which should resolve this issue. If these problems are still present in this version, then please make note of it in this bug report.
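
The selfwrite rule stated in the report (a user may add or remove only their own DN), modelled as an added example; this is not slapd code and not part of the original bug report. The function names, the tuple format for modifications, the simplified DN normalization, and the decision to reject `replace` and value-less `delete` are assumptions of this sketch.

```python
"""Model of the intended selfwrite rule: only the requester's own DN may be
added to or removed from the target attribute. Illustrative only."""


def normalize_dn(dn):
    # Simplified normalization (assumption): lowercase and trim whitespace
    # around each RDN. Real slapd normalizes per schema and handles escaped
    # commas, which this sketch does not.
    parts = []
    for rdn in dn.split(","):
        attr, _, value = rdn.partition("=")
        parts.append(f"{attr.strip().lower()}={value.strip().lower()}")
    return ",".join(parts)


def selfwrite_allows(requester_dn, modifications):
    """Return True only if every change touches the requester's own DN.

    modifications: list of (op, attr, values) tuples, a hypothetical stand-in
    for the change list of an LDAP modify request.
    """
    me = normalize_dn(requester_dn)
    for op, _attr, values in modifications:
        if op not in ("add", "delete"):
            return False  # this model rejects 'replace': it rewrites all values
        if not values:
            return False  # a delete with no values would remove every DN
        if any(normalize_dn(v) != me for v in values):
            return False  # someone else's DN: the case the bug let through
    return True


# Constructed sample DNs and requests (not taken from the report).
BOB = "cn=Bob,ou=People,dc=example,dc=com"
ALICE = "cn=Alice,ou=People,dc=example,dc=com"

if __name__ == "__main__":
    cases = {
        "bob adds himself": [("add", "member", [BOB])],
        "bob removes alice": [("delete", "member", [ALICE])],
        "bob adds himself and alice": [("add", "member", [BOB, ALICE])],
    }
    for label, mods in cases.items():
        verdict = "allow" if selfwrite_allows(BOB, mods) else "deny"
        print(f"{label}: {verdict}")
```

The same predicate can serve as a regression check on a test server: after upgrading, requests it denies should also be refused by slapd for a user that holds only selfwrite access.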