Full_Name: Ben Lentz Version: 2.3.34 OS: Fedora Core 3 URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (12.169.82.130)
Background: This is a heavily modified RPM build of the 2.2.17 release which came standard with Fedora Core 3.
Versions: OpenLDAP 2.3.34, gcc-3.4.4, glibc-2.3.6, db4-4.2.52
Build: ./configure --enable-ldbm -with-ldbm-api=berkeley --enable-bdb --enable-ldap --enable-meta --enable-monitor --enable-null --enable-rewrite --disable-shared --with-kerberos=k5only --with-cyrus-sasl
Configuration: /etc/openldap/slapd.conf: database ldbm /usr/sbin/slapd -u ldap -h "ldap:///" -d 1 &
Issue: Client executes something dumb, causing a "No structural object class" error: ldapadd -x -D "cn=Manager,dc=my-domain,dc=com" -w secret dn: dc=my-domain,dc=com objectClass: top objectClass: dcObject dc: my-domain ^D
slapd output (crash): connection_get(10): got connid=0 connection_read(10): checking for input on id=0 ber_get_next ber_get_next: tag 0x30 len 79 contents: ber_get_next do_add ber_scanf fmt ({m) ber:
dnPrettyNormal: <dc=my-domain,dc=com>
<<< dnPrettyNormal: <dc=my-domain,dc=com>, <dc=my-domain,dc=com> ber_scanf fmt ({m{W}}) ber: ber_scanf fmt ({m{W}}) ber: ber_scanf fmt (}) ber: dn2entry_r: dn: "dc=my-domain,dc=com" => dn2id( "dc=my-domain,dc=com" ) => ldbm_cache_open( "dn2id.dbb", 73, 600 ) <= ldbm_cache_open (opened 0) <= dn2id NOID entry failed op attrs add: no structural object class provided (65) slapd: ../../../../servers/slapd/back-ldbm/cache.c:111: cache_return_entry_rw: Assertion `e->e_private != ((void *)0)' failed.
[1]+ Aborted /usr/sbin/slapd -u ldap -h "ldap:///" -d 1
ldapadd output: adding new entry "dc=my-domain,dc=com" ldap_result: Can't contact LDAP server (-1)
Is there something wrong with my build or runtime environment that would cause this? I am mostly concerned that this is a "minor security issue", e.g. server bugs which clients can use to deny services to others. I am looking to upgrade several production servers from 2.2.17 to 2.3.34 and need to ensure that things are as stable as possible beforehand.
I can provide more detailed information (versions, straces, cores, etc.) upon request.
Thanks for any insight you can provide.