Tickets :: [#4874] Any user can delete LDAP/kolab user

Summary	Any user can delete LDAP/kolab user
Queue	Turba
Queue Version	2.1.3
Type	Bug
State	Not A Bug
Priority	1. Low
Owners
Requester	m.bellini (at) mpicc (dot) de
Created	01/11/2007 (6770 days ago)
Due
Updated	01/11/2007 (6770 days ago)
Assigned
Resolved	01/11/2007 (6770 days ago)
Github Issue Link
Github Pull Request
Milestone
Patch	No

01/11/2007 05:15:26 PM	Chuck Hagenbuch	Comment #2 State ⇒ Not A Bug Priority ⇒ 1. Low	Reply to this comment
You can set the permissions on that source in Horde's permissions interface, or you can change the connection credentials.

01/11/2007 03:46:26 PM	m (dot) bellini (at) mpicc (dot) de	Comment #1 State ⇒ Unconfirmed Priority ⇒ 3. High Type ⇒ Bug Summary ⇒ Any user can delete LDAP/kolab user Queue ⇒ Turba	Reply to this comment
Any user who access the global address book (KOLAB LDAP) can delete entries. These entries are used by the kolab server for user management. So if the user is deleted in the Turba addressbook, the user while also removed from the kolab server. I think it is a problem of the Horde configuration (Kolab Groupware Server-> Kolab LDAP server settings). The default is to use the administrator user from the kolab server in the bind dn configuration. Turba should have only read permissions to the LDAP server.