[Bug 217946] New: LDAP directory contact attributes cannot be modified

rdratlos at yahoo.co.uk rdratlos at yahoo.co.uk
Wed Dec 9 01:01:54 GMT 2009 

https://bugs.kde.org/show_bug.cgi?id=217946

           Summary: LDAP directory contact attributes cannot be modified
           Product: kaddressbook
           Version: unspecified
          Platform: Ubuntu Packages
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: NOR
         Component: general
        AssignedTo: kdepim-bugs at kde.org
        ReportedBy: rdratlos at yahoo.co.uk
                CC: tokoe at kde.org


Version:            (using KDE 4.3.2)
OS:                Linux
Installed from:    Ubuntu Packages

I tested kaddressbook (4.3) as front-end to manage contacts in a LDAP directory
(addressbook). The server runs openldap 2.4. 

kaddressbook perfectly adds and deletes contacts. 

But it fails to modify attribute values of a contact within the LDAP directory.
After changing e. g. the facsimile number of a contact, kaddressbook shows the
updated number but the new number is not saved in the LDAP directory. OpenLDAP
reports following failure: 'value #0 invalid per syntax'. 

According to other sources in the internet this is a sign for a missing
objectClass. When checking further I found out that kaddressbook CAN modify
contact information in the LDAP directory if following objectClasses are part
of the contact entry: person, organizationalPerson, inetOrgPerson. If I add
directly a contact to the LDAP directory (using ldapadd) with all mentioned
objectClass values defined, kaddressbook can save the modifications to the
directory. But during modification the objectClass values person and
organizationalPerson disappear in the directory entry. objectClass
inetOrgPerson is the only one left. 

It seems that kaddressbook can only handle this objectClass. 

As a work-around I set up an ACL (olcAccess: to attrs=objectClass
value=organizationalPerson by dn="cn=admin,dc=gas,dc=de" write by
dn="cn=AddrAdmin,dc=gas,dc=de" add by * read) that prohibits the addressbook
admin (i. e. kaddressbook) from deleting the objectClass values person and
organizationalPerson of a contact entry in LDAP. But this doesn't help.

In fact, instead of modifying single attributes of a contact within the LDAP
directory, kaddressbook completely deletes the contact from the LDAP directory
and adds it again. But only with those LDAP attributes that kaddressbook can
handle. 

As there are several Internet sources that recommend kaddressbook as a LDAP
front-end for managing LDAP based addressbooks, this is a severe bug.
kaddressbook should only be allowed to modify attribute values, but not
deleting them. LDAP directories are a sensitive central network resource that
are usually accessed and managed by several applications.

-- 
Configure bugmail: https://bugs.kde.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the Kdepim-bugs mailing list