openldap: rootpw not verified via slapd.conf when using the NDB backend

bind.cpp in back-ndb in OpenLDAP 2.4.x before 2.4.24 does not require authentication for the root Distinguished Name DN, which allows remote attackers to bypass intended access restrictions via an arbitrary password...

openldap security update

2.4.19-15.2 - fix: security - DoS when submitting special MODRDN request 680975 2.4.19-15.1 - fix: CVE-2011-1024 ppolicy forwarded bind failure messages cause success - fix: CVE-2011-1025 rootpw is not verified for ndb backend...