Bug#553165: icedove: offline replication of LDAP address book uses anonymous bind

Tollef Fog Heen tfheen at debian.org
Thu Oct 29 10:53:12 GMT 2009 

Package: icedove
Version: 2.0.0.22-0lenny1
Severity: normal

It seems like the «Download addressbook for offline use» is using
anonymous binds rather than prompting for a password.

Server-side, it looks like:
Oct 29 11:50:05 phaal slapd[17385]: conn=24 fd=23 ACCEPT from IP=78.86.233.73:59038 (IP=0.0.0.0:636)
Oct 29 11:50:05 phaal slapd[17385]: conn=24 fd=23 TLS established tls_ssf=256 ssf=256
Oct 29 11:50:05 phaal slapd[17385]: conn=24 op=0 BIND dn="" method=128
Oct 29 11:50:05 phaal slapd[17385]: conn=24 op=0 RESULT tag=97 err=48 text=anonymous bind disallowed
Oct 29 11:50:05 phaal slapd[17385]: conn=24 op=1 UNBIND
Oct 29 11:50:05 phaal slapd[17385]: conn=24 fd=23 closed

To reproduce, set up slapd with «disallow bind_anon» and then try to
download an address book for offline use.

-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (500, 'testing'), (50, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.30-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=nb_NO.UTF-8, LC_CTYPE=nb_NO.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages icedove depends on:
ii  debianutils            3.2.1             Miscellaneous utilities specific t
ii  fontconfig             2.6.0-4           generic font configuration library
ii  libatk1.0-0            1.28.0-1          The ATK accessibility toolkit
ii  libc6                  2.9-25            GNU C Library: Shared libraries
ii  libcairo2              1.8.8-2           The Cairo 2D vector graphics libra
ii  libfontconfig1         2.6.0-4           generic font configuration library
ii  libfreetype6           2.3.11-1          FreeType 2 font engine, shared lib
ii  libgcc1                1:4.4.1-4         GCC support library
ii  libglib2.0-0           2.22.2-2          The GLib library of C routines
ii  libgtk2.0-0            2.18.2-1          The GTK+ graphical user interface 
ii  libhunspell-1.2-0      1.2.8-5           spell checker and morphological an
ii  libjpeg62              6b-15             The Independent JPEG Group's JPEG 
ii  libnspr4-0d            4.8-1             NetScape Portable Runtime Library
ii  libnss3-1d             3.12.4-1          Network Security Service libraries
ii  libpango1.0-0          1.26.0-1          Layout and rendering of internatio
ii  libpng12-0             1.2.40-1          PNG library - runtime
ii  libstdc++6             4.4.1-4           The GNU Standard C++ Library v3
ii  libx11-6               2:1.2.2-1         X11 client-side library
ii  libxft2                2.1.13-3          FreeType-based font drawing librar
ii  libxinerama1           2:1.0.3-2         X11 Xinerama extension library
ii  libxrender1            1:0.9.4-2         X Rendering Extension client libra
ii  libxt6                 1:1.0.6-1         X11 toolkit intrinsics library
ii  psmisc                 22.8-1            utilities that use the proc file s
ii  zlib1g                 1:1.2.3.3.dfsg-15 compression library - runtime

icedove recommends no packages.

Versions of packages icedove suggests:
pn  icedove-gnome-support         <none>     (no description available)
ii  latex-xft-fonts               1.6.4-1    TrueType versions of some TeX font
ii  libthai0                      0.1.12-1   Thai language support library

-- no debconf information

-- 
Tollef Fog Heen 
UNIX is user friendly, it's just picky about who its friends are

More information about the Ubuntu-mozillateam mailing list