[Bug 494273] [NEW] LDAP directory contact attributes cannot be modified

rdratlos rdratlos at yahoo.co.uk
Wed Dec 9 01:19:03 UTC 2009


Public bug reported:

Binary package hint: kdepim

This is a copy of a bug report to KDE
(https://bugs.kde.org/show_bug.cgi?id=217946) which should be known to
Ubuntu users:

I tested kaddressbook (4.3) using KDE 4.3.2 in Ubuntu Karmic as front-end to manage contacts in a LDAP directory
(addressbook). The server runs openldap 2.4. 

kaddressbook perfectly adds and deletes contacts.

But it fails to modify attribute values of a contact within the LDAP directory.
After changing e. g. the facsimile number of a contact, kaddressbook shows the
updated number but the new number is not saved in the LDAP directory. OpenLDAP
reports following failure: 'value #0 invalid per syntax'. 

According to other sources in the internet this is a sign for a missing
objectClass. When checking further I found out that kaddressbook CAN modify
contact information in the LDAP directory if following objectClasses are part
of the contact entry: person, organizationalPerson, inetOrgPerson. If I add
directly a contact to the LDAP directory (using ldapadd) with all mentioned
objectClass values defined, kaddressbook can save the modifications to the
directory. But during modification the objectClass values person and
organizationalPerson disappear in the directory entry. objectClass
inetOrgPerson is the only one left. 

It seems that kaddressbook can only handle this objectClass.

As a work-around I set up an ACL (olcAccess: to attrs=objectClass
value=organizationalPerson by dn="cn=admin,dc=gas,dc=de" write by
dn="cn=AddrAdmin,dc=gas,dc=de" add by * read) that prohibits the addressbook
admin (i. e. kaddressbook) from deleting the objectClass values person and
organizationalPerson of a contact entry in LDAP. But this doesn't help.

In fact, instead of modifying single attributes of a contact within the LDAP
directory, kaddressbook completely deletes the contact from the LDAP directory
and adds it again. But only with those LDAP attributes that kaddressbook can
handle. 

As there are several Internet sources that recommend kaddressbook as a LDAP
front-end for managing LDAP based addressbooks, this is a severe bug.
kaddressbook should only be allowed to modify attribute values, but not
deleting them. LDAP directories are a sensitive central network resource that
are usually accessed and managed by several applications.

** Affects: kdepim (Ubuntu)
     Importance: Undecided
         Status: New

-- 
LDAP directory contact attributes cannot be modified 
https://bugs.launchpad.net/bugs/494273
You received this bug notification because you are a member of Kubuntu
Bugs, which is subscribed to kdepim in ubuntu.




More information about the kubuntu-bugs mailing list