Multiple vulnerabilities has been identified and fixed in openldap: chain.c in back-ldap in OpenLDAP 2.4.x before 2.4.24, when a master-slave configuration with a chain overlay and ppolicy_forward_updates is used, allows remote authenticated users to bypass external-program authentication by sending an invalid password to a slave server . bind.cpp in back-ndb in OpenLDAP 2.4.x before 2.4.24 does not require authentication for the root Distinguished Name , which allows remote attackers to bypass intended access restrictions via an arbitrary password . modrdn.c in slapd in OpenLDAP 2.4.x before 2.4.24 allows remote attackers to cause a denial of service via a relative Distinguished Name modification request that contains an empty value for the OldDN field . The updated packages have been patched to correct these issues.