Full_Name: Thomas Koeller Version: 2.4.28 OS: Linux x86_64 URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (80.171.14.55)
I had a problem with slapd always segfaulting. A little debugging revealed that slapd allocated the thread-safe version of 'struct ldapoptions', since it is linked with libldap_r.so. However, the destructor function ldap_int_destroy_global_options() invoked during cleanup seemed to be the non-threadsafe version which assumes a different layout of 'struct ldapoptions' (the ldo_mutex field is missing). I noticed that that SASL loaded all its plugins, including the 'ldapdb' module which is present in my SASL installation, and that ldapdb.so was linked against the non-threadsafe libldap.so. I still do not quite understand the exact reason why this confusion arose, because AFAIK theoretically both libraries should be able to co-exist. However, I did not investigate that problem any further, because I think that loading all sasl plugins is just wrong, because slapd only uses its own internal auxprop module and does not need any of them. I tried the proposed method of excluding ldapdb by having a slapd.conf file containing 'pwcheck_method: auxprop' and 'auxprop_plugin: slapd',but that did not improve anything. I therefore changed slapd to no longer load any sasl plugins whatsoever. With this change, everything works fine.
Btw., my SASL installation is cyrus-sasl-2.1.25.
Here is the patch I created, along with the required legalese:
The inlined patch below is derived from OpenLDAP Software. All of the modifications to OpenLDAP Software represented in the following patch(es) were developed by Thomas Koeller thomas@koeller.dyndns.org. I have not assigned rights and/or interest in this work to any party.
I, Thomas Koeller, hereby place the following modifications to OpenLDAP Software (and only these modifications) into the public domain. Hence, these modifications may be freely used and/or redistributed for any purpose with or without attribution and/or other notice.
diff -brpu openldap-2.4.28-orig/servers/slapd/sasl.c openldap-2.4.28/servers/slapd/sasl.c --- openldap-2.4.28-orig/servers/slapd/sasl.c 2011-11-25 19:52:29.000000000 +0100 +++ openldap-2.4.28/servers/slapd/sasl.c 2011-12-26 15:40:14.000000000 +0100 @@ -67,6 +67,16 @@ char *slap_sasl_auxprops;
#ifdef HAVE_CYRUS_SASL
+/* Do not load any plugin modules, only use internal auxprop */ +static int +slap_sasl_verifyfile( + void *context, + const char *file, + sasl_verify_type_t type) +{ + return type == SASL_VRFY_PLUGIN ? SASL_CONTINUE : SASL_OK; +} + /* Just use our internal auxprop by default */ static int slap_sasl_getopt( @@ -1111,6 +1121,7 @@ int slap_sasl_init( void ) static sasl_callback_t server_callbacks[] = { { SASL_CB_LOG, &slap_sasl_log, NULL }, { SASL_CB_GETOPT, &slap_sasl_getopt, NULL }, + { SASL_CB_VERIFYFILE, &slap_sasl_verifyfile, NULL }, { SASL_CB_LIST_END, NULL, NULL } }; #endif