[Tickets #4874] Any user can delete LDAP/kolab user
bugs@bugs.horde.org
bugs at bugs.horde.org
Thu Jan 11 07:46:26 PST 2007
DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.
Ticket URL: http://bugs.horde.org/ticket/?id=4874
-----------------------------------------------------------------------
Ticket | 4874
Created By | m.bellini at mpicc.de
Summary | Any user can delete LDAP/kolab user
Queue | Turba
Version | 2.1.3
Type | Bug
State | Unconfirmed
Priority | 3. High
Owners |
-----------------------------------------------------------------------
m.bellini at mpicc.de (2007-01-11 07:46) wrote:
Any user who access the global address book (KOLAB LDAP) can delete
entries. These entries are used by the kolab server for user management.
So if the user is deleted in the Turba addressbook, the user while also
removed from the kolab server. I think it is a problem of the Horde
configuration (Kolab Groupware Server-> Kolab LDAP server settings). The
default is to use the administrator user from the kolab server in the bind
dn configuration.
Turba should have only read permissions to the LDAP server.
More information about the bugs
mailing list