coudot@linagora.com wrote:
Full_Name: Clement OUDOT Version: 2.4.35 OS: CentOS 6 64bits URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (83.145.72.122)
I use the overlay constraint to check that a value of the attribute ssoRoles exists in the directory. The configuration looks like this:
Thanks for the report, fixed now in master
overlay constraint constraint_attribute ssoRoles uri ldap:///ou=applications,dc=cirra,dc=net?entrydn?sub?(&(objectClass=organizationalUnit)(ou:dn:=roles)) restrict="ldap:///ou=users,dc=cirra,dc=net??one?(objectClass=inetOrgPerson)"
An ldapmodify with this LDIF crash the slapd process:
dn: uid=toto,ou=users,dc=cirra,dc=net changetype: modify add: ssoRoles ssoRoles: ou=ROLE_PES,ou=roles,ou=simabo,ou=applications,dc=cirra,dc=net
The crash occurs because the entry uid=toto,ou=users,dc=cirra,dc=net do not exist. The same LDIF on an existing entry works well.
Below is the stacktrace generated with gdb:
(gdb) run -d 0 Starting program: /usr/local/openldap/libexec/slapd -d 0 [Thread debugging using libthread_db enabled] [New Thread 0x7fffb3d42700 (LWP 16519)] [New Thread 0x7fffb3541700 (LWP 16521)] [New Thread 0x7fffb2d40700 (LWP 16522)]
Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 0x7fffb2d40700 (LWP 16522)] constraint_check_restrict (op=0x7fffa8000960, c=0x9e60f0, e=0x0) at constraint.c:713 713 int diff = e->e_nname.bv_len - c->restrict_ndn.bv_len; Missing separate debuginfos, use: debuginfo-install berkeleydb-ltb-4.6.21.NC-4.el6.patch4.x86_64 cyrus-sasl-gssapi-2.1.23-13.el6_3.1.x86_64 cyrus-sasl-ldap-2.1.23-13.el6_3.1.x86_64 cyrus-sasl-lib-2.1.23-13.el6_3.1.x86_64 cyrus-sasl-plain-2.1.23-13.el6_3.1.x86_64 db4-4.7.25-17.el6.x86_64 glibc-2.12-1.107.el6.x86_64 keyutils-libs-1.4-4.el6.x86_64 krb5-libs-1.10.3-10.el6.x86_64 libcom_err-1.41.12-14.el6.x86_64 libselinux-2.0.94-5.3.el6.x86_64 libtool-ltdl-2.2.6-15.5.el6.x86_64 nss-softokn-freebl-3.12.9-11.el6.x86_64 openssl-1.0.0-27.el6.x86_64 zlib-1.2.3-29.el6.x86_64 (gdb) bt full #0 constraint_check_restrict (op=0x7fffa8000960, c=0x9e60f0, e=0x0) at constraint.c:713 diff = <value optimized out> __PRETTY_FUNCTION__ = "constraint_check_restrict" #1 0x000000000054b39f in constraint_update (op=<value optimized out>, rs=0x7fffb2d3f950) at constraint.c:989 j = <value optimized out> ce = 0 on = 0x9e5e30 be = 0x7fffb2d3e4e0 c = 0x9e60f0 cp = <value optimized out> target_entry = 0x0 target_entry_copy = 0x0 modlist = 0x7fffa8000920 m = 0x7fffa8000920 b = 0x7fffa81015c0 i = <value optimized out> rsv = {bv_len = 24, bv_val = 0x60f2a4 "modify breaks constraint"} rc = <value optimized out> msg = 0x0 is_v = <value optimized out> #2 0x00000000004a6d7a in overlay_op_walk (op=0x7fffa8000960, rs=0x7fffb2d3f950, which=op_modify, oi=0x9e1020, on=0x9e5e30) at backover.c:661 func = 0x9e5e88 rc = 32768 #3 0x00000000004a7847 in over_op_func (op=0x7fffa8000960, rs=<value optimized out>, which=<value optimized out>) at backover.c:723 oi = <value optimized out> on = <value optimized out> be = 0x9ba220 db = {bd_info = 0x9e5e30, bd_self = 0x9ba220, be_ctrls = "\000\000\000\001\001\001\000\001\000\000\001\000\000\001\001\000\001\000\000\001", '\000' <repeats 12 times>, "\001", be_flags = 2312, be_restrictops = 0, be_requires = 0, be_ssf_set = {sss_ssf = 0, sss_transport = 0, sss_tls = 0, sss_sasl = 0, sss_update_ssf = 0, sss_update_transport = 0, sss_update_tls = 0, sss_update_sasl = 0, sss_simple_bind = 0}, be_suffix = 0x9dca20, be_nsuffix = 0x9dca50, be_schemadn = { bv_len = 0, bv_val = 0x0}, be_schemandn = {bv_len = 0, bv_val = 0x0}, be_rootdn = {bv_len = 26, bv_val = 0x9dcb70 "cn=manager,dc=cirra,dc=net"}, be_rootndn = {bv_len = 26, bv_val = 0x9dcbc0 "cn=manager,dc=cirra,dc=net"}, be_rootpw = {bv_len = 38, bv_val = 0x9dc8b0 "{SSHA}2S9rqrduHEq4AcNIfS+wxClQwbD5aoLn"}, be_max_deref_depth = 15, be_def_limit = { lms_t_soft = 3600, lms_t_hard = 0, lms_s_soft = 500, lms_s_hard = 0, lms_s_unchecked = -1, lms_s_pr = 0, lms_s_pr_hide = 0, lms_s_pr_total = 0}, be_limits = 0x9e01a0, be_acl = 0x9b9850, be_dfltaccess = ACL_READ, be_extra_anlist = 0x0, be_update_ndn = {bv_len = 0, bv_val = 0x0}, be_update_refs = 0x0, ---Type <return> to continue, or q <return> to quit--- be_pending_csn_list = 0xa6f7f0, be_pcl_mutex = {__data = {__lock = 0, __count = 0, __owner = 0, __nusers = 0, __kind = 0, __spins = 0, __list = {__prev = 0x0, __next = 0x0}}, __size = '\000' <repeats 39 times>, __align = 0}, be_syncinfo = 0x0, be_pb = 0x0, be_cf_ocs = 0x8838c0, be_private = 0x9ba3c0, be_next = { stqe_next = 0x9e6470}} cb = {sc_next = 0x0, sc_response = 0x4a6af0 <over_back_response>, sc_cleanup = 0, sc_private = 0x9e1020} sc = <value optimized out> rc = 32768 __PRETTY_FUNCTION__ = "over_op_func" #4 0x000000000045728b in fe_op_modify (op=0x7fffa8000960, rs=0x7fffb2d3f950) at modify.c:303 update = <value optimized out> repl_user = <value optimized out> op_be = <value optimized out> bd = 0x88c200 textbuf = ">\000\000\000\000\000\000\000\240\030\020\250\377\177\000\000\000\000\000\000\000\000\000\000@\026\020\250\377\177\000\000\240\235G\000\000\000\000\000\267\244E", '\000' <repeats 13 times>, "\003\000\000\000\060\000\000\000[\000\000\000|", '\000' <repeats 11 times>, "\b", '\000' <repeats 31 times>, ">\000\000\000\000\000\000\000\360\025\020\250\377\177\000\000\000\000\000\000\000\000\000\000 \t\000\250\377\177\000\000\000\000\000\000\000\000\000\000@É
#5 0x0000000000457bb6 in do_modify (op=0x7fffa8000960,
rs=0x7fffb2d3f950) at modify.c:177 dn = {bv_len = 33, bv_val = 0x7fffa8101507 "uid=toto,ou=users,dc=cirra,dc=net"} textbuf = "\027\f\000\250\377\177", '\000' <repeats 42 times>, "PG\253\367\000\000\000\000P\333\377\367\377\177\000\000\000\000A", '\000' <repeats 13 times>, "\030f@\000\000\000\000\000Y\345`\237\064", '\000' <repeats 11 times>"\351, \363[\000\000\000\000\000`\t\000\250\377\177\000\000\340\024\302\236\064\000\000\000\377\377\377\377\377\177\000\000\030\372Ó²\377\177\000\000\210\021\302\236\064\000\000\000@\304X\237\064", '\000' <repeats 11 times>, ":\236\240\236\064\000\000\000\320\016\000\250\377\177\000\000\000\000\020\000\000\000\000\000\001\000\000\000\000\000\000\000\001\000\000\000\000\000\000\000\260\372Ó²\377\177\000\000\360.I", '\000' <repeats 13 times>, "\t\000\000\000\062\000\000\000`\t\000\250\377\177\000\000\320\016\000\250\377\177\000" tmp = <value optimized out> #6 0x000000000043f9a9 in connection_operation (ctx=0x7fffb2d3fab0, arg_v=0x7fffa8000960) at connection.c:1155 rc = 80 cancel = <value optimized out> op = 0x7fffa8000960 rs = {sr_type = REP_RESULT, sr_tag = 0, sr_msgid = 0, sr_err = 0, sr_matched = 0x0, sr_text = 0x0, sr_ref = 0x0, sr_ctrls = 0x0, sr_un = {sru_search = {r_entry = 0x0, r_attr_flags = 0, r_operational_attrs = 0x0, r_attrs = 0x0, r_nentries = 0, r_v2ref = 0x0}, sru_sasl = {r_sasldata = 0x0}, sru_extended = {r_rspoid = 0x0, r_rspdata = 0x0}}, sr_flags = 0} tag = 102 opidx = SLAP_OP_MODIFY conn = 0x7ffff632bc10 ---Type <return> to continue, or q <return> to quit--- memctx = 0x7fffa8000ed0 memctx_null = 0x0 memsiz = 1048576 __PRETTY_FUNCTION__ = "connection_operation" #7 0x0000000000440195 in connection_read_thread (ctx=0x7fffb2d3fab0, argv=<value optimized out>) at connection.c:1291 rc = <value optimized out> cri = {op = 0x7fffa8000960, func = 0, arg = 0x0, ctx = 0x7fffb2d3fab0, nullop = <value optimized out>} s = <value optimized out> #8 0x0000000000593d00 in ldap_int_thread_pool_wrapper (xpool=0x960c00) at tpool.c:688 pool = 0x960c00 task = 0x7fffac0008c0 work_list = <value optimized out> ctx = {ltu_id = 140736193627904, ltu_key = {{ltk_key = 0x43e7c0, ltk_data = 0x7fffa8000dc0, ltk_free = 0x43e890 <conn_counter_destroy>}, {ltk_key = 0x492d40, ltk_data = 0x7fffa8000ed0, ltk_free = 0x492d60 <slap_sl_mem_destroy>}, {ltk_key = 0xa6f810, ltk_data = 0x7fffa8100f80, ltk_free = 0x4f7280 <bdb_reader_free>}, {ltk_key = 0x452ba0, ltk_data = 0x0, ltk_free = 0x452970 <slap_op_q_destroy>}, {ltk_key = 0x0, ltk_data = 0x0, ltk_free = 0} <repeats 25 times>, { ltk_key = 0x0, ltk_data = 0x349f607eea, ltk_free = 0}, {ltk_key = 0x0, ltk_data = 0x0, ltk_free = 0}, { ltk_key = 0x0, ltk_data = 0x0, ltk_free = 0}}} kctx = <value optimized out> keyslot = 555 hash = <value optimized out> __PRETTY_FUNCTION__ = "ldap_int_thread_pool_wrapper" #9 0x000000349f607851 in start_thread () from /lib64/libpthread.so.0 No symbol table info available. #10 0x000000349f2e890d in clone () from /lib64/libc.so.6 No symbol table info available. (gdb)
Please tell me if something else is needed in this bug report.
Regards,
Clement OUDOT.