openldap -- slapd acl selfwrite Security Issue

ID AE7124FF-547C-11DB-8F1A-000A48049292
Type freebsd
Reporter FreeBSD
Modified 2006-06-14T00:00:00


Howard Chu reports:

An ACL of the form 'access to dn.subtree="ou=groups, dc=example,dc=com" attr=member by * selfwrite' is intended to only allow users to add/delete their own DN to the target attribute. Currently it allows any DNs to be modified.
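The rule the report describes can be written as a check on who changed which value. This is an added example, not code from OpenLDAP or from the advisory. It models the intended selfwrite behaviour and flags group modifications that only the flawed behaviour would have let through. The record layout, the user and group names, and the simplified DN normalization are assumptions made for illustration.

```python
BASE = "ou=groups, dc=example,dc=com"   # subtree exactly as written in the quoted ACL

def normalize_dn(dn):
    # Simplified normalization: assumes no escaped commas or multi-valued RDNs.
    parts = []
    for rdn in dn.split(","):
        attr, _, value = rdn.partition("=")
        parts.append(attr.strip().lower() + "=" + value.strip().lower())
    return ",".join(parts)

def in_subtree(dn, base):
    dn, base = normalize_dn(dn), normalize_dn(base)
    return dn == base or dn.endswith("," + base)

def selfwrite_violations(changes, base=BASE, attr="member", exempt=()):
    """Return (modifier, target, op, foreign_values) for each change the intended rule refuses."""
    exempt = {normalize_dn(d) for d in exempt}
    flagged = []
    for ch in changes:
        who = normalize_dn(ch["modifier"])
        if who in exempt or not in_subtree(ch["target"], base):
            continue
        for op, mod_attr, values in ch["mods"]:
            if mod_attr.lower() != attr.lower():
                continue
            foreign = [v for v in values if normalize_dn(v) != who]
            # Only add/delete of the modifier's own DN fits; replace or value-less delete does not.
            if op not in ("add", "delete") or not values or foreign:
                flagged.append((ch["modifier"], ch["target"], op, foreign))
    return flagged

# Hypothetical DN builders and constructed change records (not from a real log).
def u(name): return "uid=%s,ou=people,dc=example,dc=com" % name
def g(name): return "cn=%s,ou=groups,dc=example,dc=com" % name
CHANGES = [
    {"modifier": u("alice"), "target": g("staff"),
     "mods": [("add", "member", [u("alice")]), ("replace", "description", ["x"])]},
    {"modifier": u("alice"), "target": g("admins"), "mods": [("add", "member", [u("bob")])]},
    {"modifier": u("bob"), "target": g("staff"),
     "mods": [("delete", "member", ["UID=Bob, OU=People, dc=example, dc=com"])]},
    {"modifier": u("carol"), "target": g("staff"), "mods": [("replace", "member", [u("carol")])]},
    {"modifier": u("dave"), "target": "cn=list,ou=mail,dc=example,dc=com",
     "mods": [("add", "member", [u("bob")])]},
    {"modifier": u("eve"), "target": g("admins"), "mods": [("delete", "member", [])]},
]

if __name__ == "__main__":
    print(*selfwrite_violations(CHANGES), sep="\n")
```

The rootdn is not subject to ACLs, so its DN and those of any accounts granted broader write access belong in `exempt` when this is run over real change records.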