OpenLDAP follows symbolic links when creating files. The default location for these files is /usr/tmp, which is a symlink to /tmp, which in turn is a world-writable directory. Local users can destroy the contents of any file on any mounted filesystem. Please upgrade to:

e15137088145d315952586f1ad6330ef openldap-1.2.9-5mdk.i586.rpm
0807d4c34bf6cec47fede3cf7c2572c5 openldap-1.2.9-5mdk.src.rpm