An issue was discovered in the server in OpenLDAP before 2.4.48. When the server administrator delegates rootDN privileges for certain databases but wants to maintain isolation , slapd does not properly stop a rootDN from requesting authorization as an identity from another database during a SASL bind or with a proxyAuthz control