Full_Name: Clement Oudot Version: 2.4.44 OS: GNU/Linux URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (193.248.50.71)
Hello,
with a simple olcAuthzRegexp configuration like:
olcAuthzRegexp: {0}uid=(.*),cn=gssapi,cn=auth ldap:///dc=example,dc=com???(uid=$1)
And ppolicy overlay configured, for example like:
dn: olcOverlay={0}ppolicy,olcDatabase={1}mdb,cn=config objectClass: olcOverlayConfig objectClass: olcPPolicyConfig olcOverlay: {0}ppolicy olcPPolicyHashCleartext: FALSE olcPPolicyUseLockout: FALSE olcPPolicyForwardUpdates: FALSE
We have a segfault when running this command:
$ /usr/local/openldap/sbin/slapauth -F /home/clement/configuration/openldap/example /slapd.d/ -v coudot -M GSSAPI
Here is the GDB backtrace:
Program received signal SIGSEGV, Segmentation fault. 0x000000000055644f in ppolicy_restrict (op=0x7fffffffd0e0, rs=0x7fffffffd070) at ppolicy.c:1379 1379 ppolicy.c: Aucun fichier ou dossier de ce type. (gdb) bt #0 0x000000000055644f in ppolicy_restrict (op=0x7fffffffd0e0, rs=0x7fffffffd070) at ppolicy.c:1379 #1 0x00000000004a55ca in overlay_op_walk (op=op@entry=0x7fffffffd0e0, rs=0x7fffffffd070, which=op_search, oi=0xa59ef0, on=0xa571d0) at backover.c:661 #2 0x00000000004a574e in over_op_func (op=0x7fffffffd0e0, rs=<optimized out>, which=<optimized out>) at backover.c:730 #3 0x0000000000487375 in slap_sasl2dn (opx=0x7fffffffd710, saslname=0x0, sasldn=0x7fffffffd310, flags=-16, flags@entry=2) at saslauthz.c:2008 #4 0x000000000048e42b in slap_sasl_getdn (conn=conn@entry=0x7fffffffd450, op=op@entry=0x7fffffffd710, id=id@entry=0x7fffffffd440, user_realm=0x0, dn=dn@entry=0x7fffffffd410, flags=flags@entry=2) at sasl.c:1891 #5 0x00000000004aba73 in do_check (c=c@entry=0x7fffffffd450, op=op@entry=0x7fffffffd710, id=id@entry=0x7fffffffd440) at slapauth.c:44 #6 0x00000000004abe54 in slapauth (argc=<optimized out>, argv=0x7fffffffdcc8) at slapauth.c:161 #7 0x0000000000425e98 in main (argc=7, argv=0x7fffffffdc98) at main.c:664
Note that there is no bug if one of this condition is true: * overlay ppolicy is not configured * olcAuthRegexp does not use internal LDAP search * GSSAPI schema is not requested in slapauth
Hope you have enough information in this report. Feel free to ask more if needed.