24th Jan 2002 [SBWID-5024]
COMMAND
OpenLDAP users may remove non-mandatory attributes from objects in the
directory
SYSTEMS AFFECTED
OpenLDAP from 2.0.0 through 2.0.19
PROBLEM
In Red Hat security advisory [RHSA-2002:014-07] [http://www.redhat.com]:
OpenLDAP does not check permissions using access control lists when a
user attempts to remove an attribute from an object in the directory by
replacing its values with an empty list. Because schema checking is
still enforced, a user can only remove attributes which the schema does
not require the object to possess.
SOLUTION
Update to OpenLDAP version 2.0.21, see:
http://www.openldap.org/lists/openldap-announce/200201/msg00002.html
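ADDED EXAMPLE
The following is an added example, not part of the Red Hat advisory or of OpenLDAP. It scans recorded directory changes for the request shape described under PROBLEM (a replace that supplies no values) so the affected entries can be reviewed on servers that ran 2.0.0 through 2.0.19. It assumes the changes are available as LDIF change records in RFC 2849 syntax; the sample records and the function name find_empty_replaces are constructed for illustration.

```python
import re

# Constructed sample input: three LDIF change records in RFC 2849 syntax.
SAMPLE_LDIF = """\
# ordinary update: the replace carries a value
dn: uid=alice,ou=people,dc=example,dc=com
changetype: modify
replace: mail
mail: alice@example.com
-

dn: uid=bob,ou=people,dc=example,dc=com
changetype: modify
replace: description
-
add: telephoneNumber
telephoneNumber: 555-0100
-
replace: seeAlso
-

dn: uid=carol,ou=people,dc=example,dc=com
changetype: delete
"""

def find_empty_replaces(ldif_text):
    """Return [(dn, attribute)] for each 'replace' that supplies no values."""
    # Unfold continuation lines (a line break followed by one space).
    text = re.sub(r"\r?\n ", "", ldif_text)
    hits = []
    for record in re.split(r"\r?\n\s*\r?\n", text):
        lines = [l for l in record.splitlines() if l and not l.startswith("#")]
        dn = next((l.split(":", 1)[1].lstrip(": ").strip()
                   for l in lines if l.lower().startswith("dn:")), None)
        is_modify = any(re.match(r"(?i)changetype:\s*modify\s*$", l) for l in lines)
        if dn is None or not is_modify:
            continue
        pending = None  # attribute of an open 'replace:' that has no value yet
        for line in lines:
            key = line.partition(":")[0].strip().lower()
            if line.strip() == "-" or key in ("add", "delete", "replace"):
                if pending:
                    hits.append((dn, pending))  # operation closed with no values
                pending = line.split(":", 1)[1].strip() if key == "replace" else None
            else:
                pending = None  # a value line follows, so the list is not empty
        if pending:
            hits.append((dn, pending))  # record ended without a closing '-'
    return hits
```

Each reported (dn, attribute) pair is an attribute that was removed through a replace rather than an explicit delete; whether the requester was entitled to remove it still has to be checked against the server's access control lists.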