Pierangelo Masarati wrote:
> michael(a)stroeder.com wrote:
>> I'm experiencing seg faults when using SASL/EXTERNAL bind when
>> connected over
>> ldapi://. I will try to examine this further.
>>
>> segfault at 0 ip b7f21d4c sp b370fd10 error 6 in
>> libdb-4.6.so[b7ef9000+14f000]
>
> This bug is typical of loading a libsasl2 module (libsasldb) built with
> a Berkeley DB version different from the one slapd was built with, or
> loading a libsasl2 module built with a different version of libsasl2
> than the one slapd was built with. Can you check?
I will check this right now. Anyway find below the tail of the server's
log when invoking
ldapwhoami -H
ldapi://%2Fhome%2Fmichael%2Ftemp%2Fopenldap-testbed-RE24%2Fslapd1 -Y
EXTERNAL
Ciao, Michael.
--------------------------------- snip --------------------------------
==> sasl_bind: dn="" mech=EXTERNAL datalen=0
SASL Canonicalize [conn=0]:
authcid="gidNumber=100+uidNumber=500,cn=peercred,cn=external,cn=auth"
slap_sasl_getdn: conn 0
id=gidNumber=100+uidNumber=500,cn=peercred,cn=external,cn=auth [len=59]
==>slap_sasl2dn: converting SASL name
gidNumber=100+uidNumber=500,cn=peercred,cn=external,cn=auth to a DN
==> rewrite_context_apply [depth=1]
string='gidNumber=100+uidNumber=500,cn=peercred,cn=external,cn=auth'
==> rewrite_rule_apply
rule='gidnumber=([0-9]+)\+uidnumber=([0-9]+),cn=peercred,cn=external,cn=auth'
string='gidNumber=100+uidNumber=500,cn=peercred,cn=external,cn=auth' [1
pass(es)]
==> rewrite_context_apply [depth=1]
res={0,'ldap:///ou=schulung,dc=stroeder,dc=local??sub?(&(objectClass=posixAccount)(uidNumber=500)(gidNumber=100))'}
[rw] authid:
"gidNumber=100+uidNumber=500,cn=peercred,cn=external,cn=auth" ->
"ldap:///ou=schulung,dc=stroeder,dc=local??sub?(&(objectClass=posixAccount)(uidNumber=500)(gidNumber=100))"
slap_parseURI: parsing
ldap:///ou=schulung,dc=stroeder,dc=local??sub?(&(objectClass=posixAccount)(uidNumber=500)(gidNumber=100))
ldap_url_parse_ext(ldap:///ou=schulung,dc=stroeder,dc=local??sub?(&(objectClass=posixAccount)(uidNumber=500)(gidNumber=100)))
put_filter: "(&(objectClass=posixAccount)(uidNumber=500)(gidNumber=100))"
put_filter: AND
put_filter_list "(objectClass=posixAccount)(uidNumber=500)(gidNumber=100)"
put_filter: "(objectClass=posixAccount)"
put_filter: simple
put_simple_filter: "objectClass=posixAccount"
put_filter: "(uidNumber=500)"
put_filter: simple
put_simple_filter: "uidNumber=500"
put_filter: "(gidNumber=100)"
put_filter: simple
put_simple_filter: "gidNumber=100"
ber_scanf fmt ({mm}) ber:
ber_scanf fmt ({mm}) ber:
ber_scanf fmt ({mm}) ber:
>>> dnNormalize: <ou=schulung,dc=stroeder,dc=local>
=> ldap_bv2dn(ou=schulung,dc=stroeder,dc=local,0)
<= ldap_bv2dn(ou=schulung,dc=stroeder,dc=local)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(ou=schulung,dc=stroeder,dc=local)=0
<<< dnNormalize: <ou=schulung,dc=stroeder,dc=local>
slap_sasl2dn: performing internal search
(base=ou=schulung,dc=stroeder,dc=local, scope=2)
=> hdb_search
bdb_dn2entry("ou=schulung,dc=stroeder,dc=local")
=> access_allowed: auth access to "ou=schulung,dc=stroeder,dc=local"
"entry" requested
=> dn: [4] ou=users,ou=schulung,dc=stroeder,dc=local
=> dn: [5] ou=groups,ou=schulung,dc=stroeder,dc=local
=> dn: [6] ou=schulung,dc=stroeder,dc=local
=> acl_get: [6] matched
=> acl_get: [6] attr entry
=> acl_mask: access to entry "ou=schulung,dc=stroeder,dc=local", attr
"entry" requested
=> acl_mask: to all values by "", (=0)
<= check a_dn_pat: *
<= acl_mask: [2] applying none(=0) (stop)
<= acl_mask: [2] mask: none(=0)
=> slap_access_allowed: auth access denied by none(=0)
=> access_allowed: no more rules
send_ldap_result: conn=0 op=0 p=3
send_ldap_result: err=32 matched="" text=""
<==slap_sasl2dn: Converted SASL name to <nothing>
SASL Canonicalize [conn=0]:
slapAuthcDN="gidNumber=100+uidNumber=500,cn=peercred,cn=external,cn=auth"
./start-slapd1.sh: line 14: 20820 Segmentation fault
${OPENLDAP_PREFIX}/libexec/slapd -d stats,acl,args,trace,sync -h
"ldap://0.0.0.0:2071
ldapi://%2Fhome%2Fmichael%2Ftemp%2Fopenldap-testbed-RE24%2Fslapd1" -n
slapd-schulung-1 -u michael -f ${LOCALCONFIG}/slapd-1.conf -F
${LOCALCONFIG}/slapd-1.conf.d
michael@nb2:~/temp/openldap-testbed-RE24>