This bug was fixed in the package openldap - 2.4.23-6ubuntu1

---------------
openldap (2.4.23-6ubuntu1) natty; urgency=low

  * Merge from Debian unstable:
    - Install a default DIT (LP: #442498).
    - Document cn=config in README file (LP: #370784).
    - remaining changes:
      + AppArmor support:
        - debian/apparmor-profile: add AppArmor profile
        - use dh_apparmor:
          - debian/rules: use dh_apparmor
          - debian/control: Build-Depends on debhelper 7.4.20ubuntu5
        - updated debian/slapd.README.Debian for note on AppArmor
        - debian/slapd.dirs: add etc/apparmor.d/force-complain
      + Enable GSSAPI support (LP: #495418):
        - debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
          - Add --with-gssapi support
          - Make guess_service_principal() more robust when determining
            principal
        - debian/patches/series: apply gssapi.diff patch.
        - debian/configure.options: Configure with --with-gssapi
        - debian/control: Added libkrb5-dev as a build depend
      + debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP)
        support in the openldap library, as required by Likewise-Open
        (LP: #390579)
      + Don't build smbk5pwd overlay since it uses heimdal instead of krb5:
        - debian/control:
          - remove build-dependency on heimdal-dev.
          - remove slapd-smbk5pwd binary package.
        - debian/rules: don't build smbk5pwd slapd module.
      + debian/{control,rules}: enable PIE hardening
      + ufw support (LP: #423246):
        - debian/control: suggest ufw.
        - debian/rules: install ufw profile.
        - debian/slapd.ufw.profile: add ufw profile.
      + Enable nssoverlay:
        - debian/patches/nssov-build, debian/series, debian/rules: Apply,
          build and package the nss overlay.
        - debian/schema/extra/misc.ldif: add ldif file for the misc schema
          which defines rfc822MailMember (required by the nss overlay).
      + debian/rules, debian/schema/extra/: Fix configure rule to support
        extra schemas shipped as part of the debian/schema/ directory.
      + debian/rules, debian/slapd.py: Add apport hook. (LP: #610544)
      + debian/slapd.init.ldif: don't set olcRootDN since it's not defined
        in either the default DIT or via an Authn mapping.
      + debian/slapd.scripts-common: adjust minimum version that triggers a
        database upgrade. Upgrade from maverick shouldn't trigger database
        upgrade (which would happen with the version used in Debian).
      + debian/slapd.scripts-common: add slapcat_opts to local variables.
        Remove unused variable new_conf.
      + debian/slapd.script-common: Fix package reconfiguration.
        - Fix backup directory naming for multiple reconfiguration.
      + debian/slapd.default, debian/slapd.README.Debian: use the new
        configuration style.

openldap (2.4.23-6) unstable; urgency=high

  * Check for an empty directory to prevent an rm -f /*. (Closes: #597704)

openldap (2.4.23-5) unstable; urgency=high

  [ Steve Langasek ]
  * High-urgency upload for RC bugfix.
  * debian/slapd.scripts-common: fix gratuitous (and wrong) use of grep in
    get_suffix(), which causes us to incorrectly parse any slapd.conf that
    uses tabs instead of spaces. Closes: #595672.
  * debian/slapd.init, debian/slapd.scripts-common: when $SLAPD_CONF is not
    set in /etc/default/slapd, we should always set a default value, giving
    precedence to slapd.d and falling back to slapd.conf. Users who don't
    want to use an existing slapd.d should point at slapd.conf explicitly.
    Closes: #594714, #596343.
  * debian/slapd.init: 'invoke-rc.d slapd stop' should not fail due to the
    absence of a slapd configuration; we should still exit 0 so that the
    package can be removed gracefully. Closes: #596100.
  * drop build-conflicts with libssl-dev; we explicitly pass
    --with-tls=gnutls to configure, so there's no risk of a misbuild here.
  * debian/slapd.default: now that we have a sensible default behavior in
    both slapd.init and the maintainer scripts, leave SLAPD_CONF empty to
    save pain later.
  * debian/slapd.scripts-common: ... and do the same in
    migrate_to_slapd_d_style, we just need to comment out the user's
    previous entry instead of blowing it away.
  * debian/slapd.scripts-common: call get_suffix in a way that lets us
    separate responses by newlines, to properly handle the case when a DN
    has embedded spaces. Introduces a few more stupid fd tricks to work
    around possible problems with debconf. Closes: #595466.
  * debian/slapd.scripts-common: when parsing the names of includes, handle
    double-quotes and escape characters as described in slapd.conf(5).
    Closes: #595784.
  * debian/slapd.scripts-common, debian/slapd.postinst: on upgrade from
    versions <= 2.4.23-4, explicitly grant access to cn=Subschema, which
    otherwise is blocked by our added olcAccess settings. Closes: #596326.
  * debian/slapd.init.ldif: set the acl in the default LDIF for new
    installs, too.
  * Likewise, grant access to dn.exact="" so that base dn autodiscovery
    works as intended. Closes: #596049.
  * debian/slapd.init.ldif: synchronize our behavior on new installs with
    that on upgrades, avoiding the non-standard cn=localroot,cn=config.
  * debian/slapd.scripts-common: don't run the migration code if slapd.d
    already exists. Closes: #593965.

  [ Matthijs Mohlmann ]
  * Remove upgrade_supported_from_backend, implemented patch from Peter Marschall